last executing test programs:

23.05021184s ago: executing program 1 (id=2814):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
ioctl$USBDEVFS_BULK(r0, 0x5523, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = memfd_secret(0x80000)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="780000000001050000000000000000000500000508001a000000000a480002800c00028005000100110000000c00028005c38e2d71987a672d00028005000100000000000c00028005000100110000000c000280050001003a000000060003400002000008000740000000050c0017000000000800002d7d"], 0x78}, 0x1, 0x0, 0x0, 0x40014}, 0x4008800)
accept4(r2, &(0x7f0000000480), &(0x7f0000000500)=0x80, 0x800)
r3 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_disconnect(r3)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000080)={0x10, &(0x7f0000000280)=ANY=[@ANYRESOCT=r1], 0x0, 0x0})
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000001c0)={&(0x7f0000000180)=[0x0], 0x1})

19.606701503s ago: executing program 1 (id=2835):
r0 = openat$ttynull(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$binder_debug(0xffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000600))
io_uring_setup(0x13b5, &(0x7f0000000140)={0x0, 0x5606, 0x40, 0xdfffffff, 0x2fa})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
write$char_usb(r2, &(0x7f0000001300)='7', 0x1)
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f0000000000))

16.813426467s ago: executing program 1 (id=2834):
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000540)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000300"/84], 0x54)

16.556267422s ago: executing program 1 (id=2836):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000001740)=[{{&(0x7f00000000c0)={0xa, 0x4e24, 0x5, @loopback={0x11}, 0xf3c4}, 0x1c, 0x0, 0xff00}}], 0x1, 0x8800)

16.019929756s ago: executing program 1 (id=2838):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$inet_mreqn(r0, 0x0, 0x23, 0x0, &(0x7f0000000c00))
r1 = syz_usb_connect(0x6, 0x2d, &(0x7f0000000140)=ANY=[@ANYRESOCT], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x20000000000)
r3 = io_uring_setup(0x61f8, &(0x7f0000000a40)={0x0, 0x1, 0x2, 0xfffffffe, 0x40003bd})
close_range(r3, 0xffffffffffffffff, 0x0)
read$char_usb(r2, &(0x7f0000000480)=""/74, 0x4a)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r4, 0x6, 0x36, 0x0, &(0x7f00000001c0))
syz_usb_connect(0x3, 0x71, &(0x7f0000000100)=ANY=[@ANYBLOB="120100034ca0b5203360084113cc0102030109025f000107a1407509048002060103ec010905170220009100060725018008ff0009058703ff03d1010702010900100000000000000725"], &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0})
msgrcv(0x0, &(0x7f0000000000)={0x0, ""/4}, 0xfffffe96, 0x0, 0x1000)
r5 = msgget$private(0x0, 0x80)
msgctl$IPC_INFO(r5, 0x3, &(0x7f00000001c0)=""/115)
ioctl$KVM_DIRTY_TLB(r2, 0x400caeaa, &(0x7f0000000040)={0x14f, 0x9})
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r6, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r7, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r7, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="c0000000030801010000000000000000020000050500030050000000050003002100000006000240892f00000900010073797a310000000034000480080001400000ffff08000540ed0000810800064000000002080003400000000008000440000000020800044000000200440004800800094000000072080007400000759b080006"], 0xc0}, 0x1, 0x0, 0x0, 0x4004001}, 0x4000040)
r9 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000640)={0x0, 0x0, 0x0, &(0x7f0000000600)=[0x0, 0x0], 0x0, 0x0, 0x0, 0x2})
sendto(r7, &(0x7f0000000580)="1db4d479c5fa", 0x6, 0x8094, 0x0, 0x0)
sendto$inet(r7, &(0x7f0000000000)="0339924c7970", 0x6, 0x40004, 0x0, 0x0)

15.634073246s ago: executing program 1 (id=2841):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)={{0x14, 0x10, 0x1, 0x13000000}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x801, 0x0, 0x0, {0x3, 0x0, 0x4}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}}], {0x14}}, 0xa8}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

9.356093193s ago: executing program 4 (id=2865):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
getdents(0xffffffffffffffff, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000240)={&(0x7f0000000000)=@llc={0x1a, 0x33a, 0x6, 0x4, 0x41, 0x4}, 0x80, &(0x7f0000000080), 0x0, &(0x7f00000000c0)=[{0x34, 0x114, 0x4, "02c821cb4ff9fd5983f091d7f062d3f48cca7905b0e330374fc5807b83b1ab0d56ded045f2"}, {0x70, 0x0, 0x4, "c492d37b0c803e0b2e8cec46a713d19caaaacea8ff60b29787b47778a3b6f915235e704ffb7b89620fcf14780e4d0e22463c2e2fd601d05281dc5ecf599bc71b9ce6c4afe94be1f39bfa1b73bfe1d50fc86eb140aa5822f8b09989fca3f36e81b2e4"}, {0xb4, 0x0, 0x79, "ee01a9de0dea063691da457592f5e06095e13d8b7247566f3433dce4e6fcf28914cb4d987ba4c6f939b10582800ade6b76b742713d78d2fcf1ce7fe8cdcc16f12675e09dd2620970c3ed19ff8aeae1f400252ba073ff3b2022499bb925b8d970744a6ad5d22e4a0c6081427ad562c9c634615f19de85efe711bdd4794b1da69c66c66cbd29fb6813ad8a063603dacff280c06b96230564f642cf7ff9769854a7cee78ffcc123ef9b"}], 0x158}, 0x4010)

9.095981168s ago: executing program 4 (id=2867):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$getregset(0x4205, r5, 0x1, &(0x7f0000000080)={0x0})
sched_setattr(r5, &(0x7f0000000140)={0x38, 0x0, 0x14, 0x1, 0x9, 0x9, 0x5, 0x3, 0x9, 0x1}, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x2, 0x2000)
socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x31, &(0x7f0000000040)=0x7, 0x4)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r6, &(0x7f0000000600)=[{{&(0x7f0000000140)=@nfc_llcp, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/199}, {&(0x7f0000000340)=""/161}, {&(0x7f0000000400)=""/94}, {&(0x7f0000000480)=""/160}, {&(0x7f0000000640)=""/155}, {&(0x7f0000000700)=""/80}], 0x0, &(0x7f0000000580)=""/80, 0x11}}], 0x4000000000002ff, 0x2, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r7, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r8 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r8, 0x0, 0x0)

8.122936076s ago: executing program 4 (id=2869):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x701, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0)
io_setup(0x3, &(0x7f0000000180))
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r2, &(0x7f0000000280)=[{&(0x7f00000000c0)="e89ed789b19b", 0x6}], 0x1)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3)
setsockopt$inet_int(r3, 0x6000000, 0x13, &(0x7f0000000040), 0x2)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000240)='/proc/asound/card0/oss_mixer\x00', 0x298f3cc22e12b39a, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
write$proc_mixer(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="a5ac54b6bd01f8bf20274d6173746572204361707475726527203030f4b2b8374ec427f1af3030303030303030303030303030303030300a4d49432027"], 0xdf)
dup3(r5, r4, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x49, &(0x7f0000000940))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r6)
r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f0000000340)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x310, 0xb1, 0x23, 0xfe, 0x40, 0x1b}, 0x3b, &(0x7f00000002c0)={0x5, 0xf, 0x3b, 0x2, [@generic={0x22, 0x10, 0x0, "f68e2d4f72fc3c5db3d527c769367284e328190faaed333db7e9ffe4bdd498"}, @ss_container_id={0x14, 0x10, 0x4, 0xa, "6a7ebc3b10413d5959f8b37b478483d7"}]}, 0x1, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x401}}]})
r9 = dup(r8)
ioctl$PTP_EXTTS_REQUEST2(r9, 0x40043d0d, 0x0)
write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000540)={'pimreg', 0x32, 0x31}, 0x9)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r10, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500090000001400040073"], 0x58}}, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x4, 0x40000000, 0x4b32, 0x6, 0x0, 0x0, 0x0, 0xffff, 0x4000000})

7.781494098s ago: executing program 2 (id=2870):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa1}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0x48}}, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
r3 = openat$rdma_cm(0xffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r4=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000680)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000380), r4}}, 0x20)
timer_create(0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x7f)
read$dsp(0xffffffffffffffff, &(0x7f0000000300)=""/79, 0x4f)
epoll_create(0xd)
syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000de0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x14, 0x0, &(0x7f0000000400)={0x0, 0x3, 0x60, @string={0x60, 0x3, "51801920bbb81dd1d01e752f68a7cd974d3106f6c4f37654ddb35f3e3c1113a0ab020f422dd795f87aaafa95f650e77168262f5398466937dcffcf7ed2c4c76dae4902049ac30337e0c165c7d32ed9a2245a09b40e2d202eafbce3b43ada"}}, &(0x7f0000000140)={0x0, 0x22, 0x6, {[@local=@item_012={0x0, 0x2, 0xe3bcd08330f2d08c}, @main=@item_4={0x3, 0x0, 0x2, "974046c7"}]}}, &(0x7f0000000180)={0x0, 0x21, 0x9, {0x9, 0x21, 0xc, 0xf, 0x1, {0x22, 0x926}}}}, 0x0)
socket$inet(0x10, 0x3, 0x0)

6.652299442s ago: executing program 3 (id=2871):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(r1)
r2 = openat$dlm_monitor(0xffffff9c, &(0x7f0000000040), 0x80100, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000080)={0x9, 0x0, 0x1010, 0x7, 0x8, 0x1, 0x1e7c0, 0x1})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

6.421471421s ago: executing program 0 (id=2872):
socket$netlink(0x10, 0x3, 0x8000000004)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
pread64(r0, &(0x7f0000000480)=""/4096, 0x1000, 0x7)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000f00)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)='k', 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4623, 0x4, @local, 0x100}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)="b6", 0x1}], 0x1}}], 0x2, 0x0)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
dup3(r1, r2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="44000000100003040000", @ANYRES32=0x0, @ANYBLOB="2591ad8800000000180012800e00010069703665727370616e"], 0x44}}, 0x0)
dup(r3)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0xffffffffffffffff}, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'ip6tnl0\x00'}}, 0x1e)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0x34}}, 0x0)
r6 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="fe"])
ioctl$KVM_SET_CPUID(r8, 0x4008ae8a, &(0x7f0000000000)=ANY=[])
shutdown(r1, 0x1)

6.420895136s ago: executing program 3 (id=2873):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000))
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, 0x0, 0x0)
r1 = io_uring_setup(0x4126, &(0x7f0000000180)={0x0, 0x0, 0x2})
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000080)="94", 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x1eb640, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r2, 0x50009418, &(0x7f0000001b00)={{}, 0x0, 0x0, @unused=[0x547, 0xa83, 0x2, 0x2], @subvolid=0x4})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffffe)
r7 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/kernel/kexec_crash_size', 0x8000, 0x80)
read$FUSE(r7, &(0x7f0000000480)={0x2020}, 0x2020)
r8 = openat$sndtimer(0xffffff9c, &(0x7f0000001840), 0x400)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r8, 0x403c5404, &(0x7f0000001880)={{0x3, 0x0, 0x1, 0x3, 0x9}, 0x1000000, 0x3})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000440))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r9 = openat$vsock(0xffffff9c, &(0x7f0000000240), 0x252000, 0x0)
sendmsg$nl_route(r9, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000003a00000100000000fcdbdf25f6000000"], 0x14}}, 0x4000000)
io_uring_register$IORING_REGISTER_RING_FDS(r1, 0x13, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x1, 0x2, 0x88, 0xfffffffffffffbff, 0x46b1, 0x80]}], 0x1)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000680001090000000000000000000000000000000014000200ffffffffffff0000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

6.00023487s ago: executing program 3 (id=2874):
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x701, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0)
io_setup(0x3, &(0x7f0000000180))
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r1, &(0x7f0000000280)=[{&(0x7f00000000c0)="e89ed789b19b", 0x6}], 0x1)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3)
setsockopt$inet_int(r2, 0x0, 0x13, &(0x7f0000000040), 0x2)
ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ffd000/0x2000)=nil, 0x2000})
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000240)='/proc/asound/card0/oss_mixer\x00', 0x298f3cc22e12b39a, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
write$proc_mixer(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="a5ac54b6bd01f8bf20274d6173746572204361707475726527203030f4b2b8374ec427f1af3030303030303030303030303030303030300a4d49432027"], 0xdf)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="34000000000b01020000000000000000f4bd9b900800034000000001"], 0x34}}, 0x0)
r5 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf085, 0x10100, 0x2}, &(0x7f0000000100)=<r6=>0x0, &(0x7f00000003c0)=<r7=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<'], 0x38}}, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1})
io_uring_enter(r5, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
dup3(r4, r3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x49, &(0x7f0000000940))
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9)
r10 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f0000000340)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x310, 0xb1, 0x23, 0xfe, 0x40, 0x1b}, 0x3b, &(0x7f00000002c0)={0x5, 0xf, 0x3b, 0x2, [@generic={0x22, 0x10, 0x0, "f68e2d4f72fc3c5db3d527c769367284e328190faaed333db7e9ffe4bdd498"}, @ss_container_id={0x14, 0x10, 0x4, 0xa, "6a7ebc3b10413d5959f8b37b478483d7"}]}, 0x1, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x401}}]})
dup(r10)

5.651400044s ago: executing program 2 (id=2875):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d44ebb40ec188832cf690102030109021b00010000000009040000010e01000009058103"], 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040))
r1 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYRES32], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
r2 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_ep_write$ath9k_ep2(r2, 0x83, 0x8, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r3)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
syz_open_dev$video4linux(&(0x7f0000000000), 0x101, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='oom_score_adj\x00')
r4 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
pipe(&(0x7f00000000c0))
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x54}}, 0x0)

4.940522396s ago: executing program 0 (id=2876):
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x356, 0x3a, '\xf1', 0x3a, '', 0x3a, './file0', 0x3a, [0x43, 0x50]}, 0x2a)
r1 = openat$sndtimer(0xffffff9c, &(0x7f00000001c0), 0x8000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x3, 0x2, 0x5})
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x4000020)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000500)=ANY=[@ANYBLOB="cc020000210a0108fdffffff0000000000000000630003"], 0x2cc}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r4, 0x4018f514, &(0x7f00000000c0)={0x8, 0x3ff, 0x2})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000040)={0x8b, 0x6576, 0x9})
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r8, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000)
ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc014563b, &(0x7f0000000000)={0x3, {0x4, 0x8, 0x8, 0x80000000}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r9 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r9, 0x0)

4.679835888s ago: executing program 4 (id=2877):
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r2, @ANYRES16=r0], 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x400}, 0x0, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0)
connect$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x3f20, @mcast2, 0x9, 0x2}, 0x20)
syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x2}, 0x7a)

3.943112748s ago: executing program 2 (id=2878):
r0 = openat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)={0x43, 0x87, 0x8}, 0x18)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r2 = dup(r1)
ioctl$FS_IOC_RESVSP(r2, 0x402c5828, &(0x7f0000000180)={0x0, 0x2, 0x80000, 0xfe0000000000000})
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000280)={0x5, 0xff, 0x1, 'queue0\x00', 0x3})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
setfsuid(0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c000000180001000000000000000000020000000000000500000000f8f41b8059a2b2ff2a19fe44671c100009800c0008800800015304000500"], 0x2c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'})
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000280), 0x7ff, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f043})
ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc0f8565c, &(0x7f0000000040)={0x10001, 0x3, 0x1, {0x1, @pix={0x8, 0x6, 0x56595559, 0x1, 0x206, 0xa, 0x7, 0x5, 0x1, 0x2, 0x1, 0x6}}, 0xf})
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCSIFBR(r6, 0x8941, &(0x7f0000000500)=@get={0x1, 0x0, 0x1})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r7, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r8, 0x107, 0x12, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x3e)
openat$nvram(0xffffff9c, &(0x7f0000000140), 0x10380, 0x0)
write$UHID_DESTROY(r2, &(0x7f0000000200), 0xfffffffffffffe4e)

3.044876515s ago: executing program 4 (id=2879):
r0 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x0, 0x5c, 0x160, 0x134, 0x3e0, 0x240, 0x228, 0x25a, 0x240, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [0x0, 0xffffff00], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xec, 0x134, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x24}, {0x0, "d176"}}, @common=@unspec=@state={{0x24}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2={0xfc, 0x2, '\x00', 0x4}, [0x0, 0x0, 0xff000000], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x364)

2.503752513s ago: executing program 3 (id=2880):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-ssse3\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f0000004200)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000140)="ebe364e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f0000000700)="b14b0b46d1082c424a85abba613518ab7a4ef3d492684908505640627f906dd2c9e85825f1fc4ca94f8bb8e8e78a9e17cc92ab51fed4cc51a283d96d162e1a2a8c5c7c266a18a19ffe5bd8e899e36f7ada1a4ca6d546558e68c3fb4e830b8dd747b4edfcfe4b15", 0x67}, {&(0x7f0000000780)="20fd6edfe1aab98903cefad48d5e949795f8070000000000000023db007fef957bb8311f1d4c8811920e9ff0c717ce476aae29a2fc3ecc8492d21488fa198139927e5571987ecb4c78d7761fabeea179e4ac2fa9f248366846ed435926a5fa486e7b9e22ced4f5c810187172f7270d1a94102a5cc482965cb9b8e9cce80c67b6d9540fca1040d2fa78eb10f396b7c00ba655ec0a2486322cedc3e8665c40aee2d86f316944d7ebecf14504c9", 0xac}, {&(0x7f0000000900)="1c19e2e76354112f77dd4608112cc26407c3357956b1143cdfa728ee8cb1d2848bb3d84b1824599ac693b77c9e09347377141617ee52e7022329fb94ae1bf5ca5942e6a425931ca3d724bf3f807a47f1020bd966d719750bbab7", 0x5a}, {&(0x7f0000000980)="8a6f64057f15044e5d47bcb14f699fbe6e808d14c7171667f94a5cd79ea87f140dbfdfdf0a690fb767303ab2ccbe2996a99a10cb578fc1dc45dbc8ecf897583369d286b64a068183320ec37f03826c2a4319d1fba27d29e77e9f26bde2cc373f699813b0ab336865e2083b1394ad37ad466e5dd25ee58f44a6280acca0048f3df324c31487f7b5fbd832f3c39ad5c203b32d8d875923c2cf2264accf1f54e00ce7e881edf4d33a5272b76618fdfc5bd155c59dbb51318e61b147e5c2df264e58686d24e4983008433e0a392ddcf4", 0xce}, {&(0x7f0000001a80)="3ebcb433a338b8e98088885fb1d56037bbe256ef00668e5d9302c2f5ec221267113b41de181c92f5433c344545e7439c4c2306cc0c44a18d3703921599900e7cffd86ec9ac253b05e06bdddc492de4ca94a6dd96e5c7c849435e109059a86b5655514460eb45a41a6693a8993acf46e6", 0x70}], 0x6}], 0x1, 0x48080)
r5 = syz_open_procfs(0x0, 0x0)
fcntl$getownex(r5, 0x10, &(0x7f00000004c0))
preadv(r5, 0x0, 0x0, 0x47, 0x0)
write$sndseq(r5, &(0x7f0000000080)=[{0x1a, 0x0, 0x8, 0xfd, @time={0x1, 0x4}, {}, {0xfe}, @result={0xbf, 0x8}}], 0x1c)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f0000002600)=[{{&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}, {{&(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000a00)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1}}], 0x2, 0x50)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000240)={0x5, 0x800, 0x206, 0x2, 0x6, 0x14000000, 0xb, 0x4f, r8}, 0x20)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000001280)={0x2, 0x3, 0x5, 0x7, 0x1000, 0xd, 0x10, 0x80, r8}, 0x20)
r9 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
r10 = syz_clone(0x20100, &(0x7f0000000180)="dd5774b5f42ee1a5346fe8db6f86fbf4663abe118fe519186e1098ef7999fb61596d511c6bb78b6cf29d0223aeb767167177e02ac2036ed0b72816ce8db6c1577a8e435f6057f7ae91e6b6cad268e18a0ba096e3a7b2efe2681ec3a463fe147cf79b53b9bf2e8698818b0d84d9d57d8bdf2678d380b9ab8534e4574d7b90014c4db3316cffcd2296c2a4b8d27f037ad96d9203a51d728bea1517be78056a487575048cad2cde4e10f3611fc889c0f7dc8186a246a7ca24dd5b0f6808aeecc179792551fdc3bcab0e7dbe87dcfe7151dbb47b1e0454a601edb4aaf2bad743a5c68a17581d7943ab92f7443091b796cea7fbb3cfd5eade8d1bebda1d77bd0688f85bc9a090dc02419c136aec4ddb718b8d7d0306f1448a248cd0d42466ab5fd3945b9a9f96f6551f319680f9bbc591004de222ca5a0ef541dfefb14348ab20f38d8887cd1e5d7091e2f634bc59e3d03800f52746a30041da59ba2c1374c53fc914e8c00353a8d2a96e2d907f2793f2cfd12d4d515a6057db04a2dde34ad0d7252ede3ba220b552fc79d5dfce4a2c6cd0c952474339c13b8050dbbbf06c0193729c342d444b09f8714a581d86fcde0d97551d7b72c43c4f489a6ff502c56625dcba99cd65d231e8b0080e63f5333b58ea42c7112739f492bb34ebbbe2586f107f669cea546cc640e57873ebb256a3840205d86255460b32619d6640040b75be1db23ad3f68669f28ba9a3a117dedb4d554450fd275c76d6deda68032dbe380ba945be97d94230fecc8b741d5f5771681d2b576a0cadb6a8036e993de9d74b82ff270f65e31dcd1a37b62c168579abe3b9d3abf5d5a5fa48755b435a1e0fd4d6b7165869dd3bd2e1e60fc9a20783fac033304ea6d19339c2eb177ec67ff8c18e54283e7f69bc12ecc3cea2a400920138ee97a5be6664232423b4a2ebae5b01edc34a5795a6a490b8ea12379185c2d5e31e7e3ccb11ecfef9dad9681bc1eafbf2898ff1703432f2c3e8ca257d79dc9ae3b1bce112a0e68cdc6de5ec66b070c43ca437f5f87e270716287ed8a38d625beae9edf99f8f72df522afa903164b7c1ecfa7709640f82245a4255fe86098dcc6d9a9f39dc1a9d508ed0e6b90ca9c5ca9cc7ce6aa1fbea1922e45c98f0df2c2f89e65ec0dc9c2de932ec803666d7379b162ea742b08785f0613bfab2c9cea06e1a29fbdade3bcefb5a362390498d438033dc159c4c85b2a83ce489c630a7f9816064341a5e5b21c5f66eb7e3ed09b2e2ce548fcbee3dc7e958f3819778814489c1dc364b08d978b253cbb37fe5ecacb3f5c5761e73dcc4d4b50619e85e45912c3aeeb9729e38a7e66b12a43e4b064b029ff8063e401fbabfa867086ae74354ddcac4b7dc42cb958acec88aa709c849b4bf1190f883325639885642c5bab1dddc9406f67f39313f638867033ac8108ff6ce861e1a3eeb996b509c8217172e42c4584217f27c284cd16cf4b24a014b6fb3a927346c9eaf4b860196df49ae3fe41db5de8ee092dbef7cd556cf177b484f3cafef83491549626eceab5f6ce8bd7bbc9d1c070998f693b752ffa23bb6d5435e8bcd64cfd164a4c08604dac4a7286891d5782c12c3a9fc8887164d8cf4eedf052aa522ccf3a18c1f9182e2d543457a1b00faacfad79bf370ecc68cbe814fcdc789e8eb9c2e25a692ea0af8ca055f98906cc8716cf419d70c4a114a73076e1a68e35046224fd90a88cd7adb4645ce000c35cf47ac0fd3587caabfe6cee9e004e331f3023645ffdd814e9c6a2ea89bc982a256b74e5fe8567a5c3cf82e7315b2cba0de5e8c26ddc2f84d9a9e95c08be572144cc3ea2c2bea93462a059ed90129354ee7338827af1b10b9361a2fc4dee553656509470d853b27f3e68245fa1f0320c2edd3865eb9e206a5542e73a4dea439269ce923d98728b498c83b90d1a07e68b614256b191a1beefaa7fe284444a1b1f92b0641e96fb532916dbee66d6cf20558a4e2ce0eaec31e6ce3af3d6c201e68ec8966ff68218abe0b11b849ad7ae0914aa83d5d815d8c55ace779568d21bde8f185c3c9d7fc2101c90d9a415749dfcc6c8164bef1a7c213f0d3d77a1a00ef7acc186ba57d709e01f6845dc950f8b1cf60c59a36e9d7bcb06f2c575e502e69c5bf683e0b0fbdb1314d011c501b544ebe4719752b2b23bd0b80752556740541ecb95a50fcc5cdc42d0af1d8e99b0b8d856b1a8b0309e6ea92fa4e94ece12edff3fa05c37553bc39e9d843de23f70e92a564f55e8d7a63bec47d36ab3cf6d7fc9726b86c0db89e1c6a6da88ff78434d473c045b7270f73f278511ae053bf1465d7aace07a29365ec87e3acf20073b3f84bd82d98a5f034f5b6c970b76d25528aa8e3e68475aafe2b99743cfa2a86bc5dcd5870d27c48ca8f586a6a7ea00629367dad51b2d5531514df554e22302bd18049b55554942e7cbda805a3d1416ac0dab44599942867ed2f492a3e60cb69fa061a20eee45e4709903083d959a10eca14b2c90dbf72d2dd48a977fcebd8ae1df5f3aeab046d31b6509c3b45cb21afb4e4bb87b9856a44032f071dcbe92cc48f6d253d007ca0d6d05691a7e6381eb89c17c355b2c69bd761629452e11c7ecde51210e7fc3c0974313e8786437286bfc19035fc1c44bd75d0dd1b0176651f52a9a29d76854593eb7a966a050c3d4f826aa7e8c08330e352fa0638a356b9ba54e849b3bfde562e51ae75a5befddcb6de59065db1e274a52b2c5ce99c4bb6b18c29734c95b76de32e8c05d0eda2b09f092bf684694193ac03717f2721a6fb4f418591ed92d3bcccef6f040f8654766674cd827975bc963d03e3af4e15c48a3fae5dc633592867a3d72b0b9c2cd97bcdec8763f2a386ee4d7fd1c89b423b22061bee5b5e5b066a41cf5e32f490f15278fa6c05e6787174dc6a53b71aaad587236a8f80513dec777711061620dbf446042db3093a3ea8a6fa1075d14d1605af8817696b7888f0e9b0739312d2c1aa3f6cac36aad17826084bc726628c88a2948eda0e80d84e714770e032dc5e9026cdda2494965cf7c7810a61afa8a15cddf6d95b0fef12024b8639c93d8c018737439ae933dc43b98253aaeb8a984ee99c21d4c470fe6b520f6fee08eaf0da1f4888ad8988c19a0502c426824bf772797c9935d3dd9eb6ca2069a31ff6e9d04202f9ba63a65c3cbb9a755031dbf6e7bb7854e91a6c185ba60d628772f99978bfcc31af913805a91ade9d12a202c47fd9270401894955bb62760236170f2a3306c0dc292f526c09b00ddbbe57e43d8842b3217e4a7ab6bb3ccd06a35827fbbdbe7c17f2e44543c6ead214df644150405e3cbfaffe33ce29292207ed04a0a5542670a7bd532c1b34864862bb8dbb3d8acfac82ed8aa22a597c7d933a0118c39ed254c44342bfca0791d4db8c73103af92a7953916992bad35d736758dab841508795fcae7573d244c5c9e75d9a2cd2dfe2a3b51080fb44c340f58cc8dc2a111e925c22e19554a5fa8797cde4bfe605f2508567db562c26371f4a95afa119b5fc7eb7cc1c9f7bc55e3afa04bc9d252f8c27fbbd4ea3ac591b1a12c9c6ffa781b5e5972f334221caca3d1bb38db3cfe236c4767ebed904859a6188c2cb9ea7d3b2228ac70d2d7fcebefdf62206a797364cd9020f1dafc140ffdc6cdacb2d5bf3c4dcb819954cccf32b77d20b09860776108148bbc64faa799dee5275ec0b70dd7d1ada0aac37612671b0176f87bfcc3ce8904977c3acaf8a763bf089311ac0afce7b21257c5a9089a3caf159fd8db9336d745a772fd2c31107f3094bed93893116ee707e804572ccf87c036e78cdab055856371d1318e0ec5b34ae795af1adfe9389211062472bcdbce9494054ef3eb69ac126ebfdef152df46ccf07ad179b4596181e5f8c6fec891dffa055f75f49bb11da7490272b8f8dc8aac033cdf92a27b6c46a96a6817ff0129e6ebdb45197f66b52066cf3a3418d1dd9ac0abb77a4a9017f4c2307479a9e8a9d25ae441696194d2fbcbf9bebcb3699df669942fd9168794fd2bd73c40bfdfb9952bd0ca72442ae3d30a2340264289a39d9597d02208035ddb3f84dff5454937b8b6418efcfefb7a41fdc93f68c1d88e8b24d8796ea0043a86c72a71519b83a8416afe0155748f2819da06ff7104cc570d095b2258877f1e98b4c5b751689fcda08e9b02ee3ca8f53ad1f7cb3139cf51b84f1721873002bc8fdf5713f341572a3976a07152f37cd400b0f9b0472844a3a7d83426db3dc88ee856a2ebdba1cbec9475b7abe52956f0f6bb0c81e2ac0e69167f92fafa09a43a6d622059bfed45391911ecef9cb09095a797b16a1c54231082b3799df62b688c875e80148493b15b4a691c9a27c96fa87e62879346dd2bed533d54f5ecc929804fbd85e16b12a7093e42337682c1e8f740c2060201d27170e6218bcb328da27466c63e556cc2e65b6ec670d4de45744ab5b71d15284efb51b3d5603bfc28112416b2c0913c44b1a7f0ab9f51fcc36d945b88a2168551995a75ee2dc3c091c24ab9b33ec3ceb3bc3987bda1bba9b99f839a5529b06eeb4774f50f4f4200c60e56a5d5a57deda854c0c8b0bb03f555b917540c0a220caab50632dc884c7c5fdb3ef6588692c8e154f3b937b11fca02050e366b43df1cec210c81435ee04ef6983df8decf63bea223de9ffdfc6dbb4f9f07ac4ea3be6875909020beb107cf85e922b6bdbc3416e822c7a488027d895fd77aeb373d816753ea7e4bb54a965e712af18e6739866bd8ad25f2a2a349919de6d0d942304eea479d531c7b11c618fe3e2fa0bb3a2df1030c685cc176953aa942c2eb2600726e3ea0812c0a8deb1f7e6d691cf63b86cf10f8ddbc9826d9ad90fb1ce000718d5495d2b81194db687874586ac022b4e2d6651b2e7646a89017eb85a554ecf35516486749df2f9dd3c3ad176ac31f252f05a812f02b468e3c310c3050446f150e3fb636dff5a13a19a3f9804fde7e7d6bbd9052f66120ededc0fb87e508fd5807a7853861fd046a19a73910adc2fc229547bcb9c18b1c463d2cf7fbc31ff0aa00ad7e03ec1da71f83adce0c1ed6f362a6ffbf9fca06c12013fb4c59e9e3b07e035c5b9bcaafe8beedab51eebfd18e13092333407ef3f3612fbfa57221bc9af91c227a31c39585ad9d5335c8443309abe02c2f80b675096abe76a993e5c76215568224238f2bd65f6cc0a325ca217b4a85162f89eafa4894a5b48f16ebdb94898253eafe4c0b019e0392d7114aca75f1dc9ffb9f10fa450b5e3a517ba93cd634b6c557d601500211eb2dba6ffc6b833260280ca3c6105ff46c2937f7dd21d0245d6e00f9d6d59b827a645220470315004142e16e278b84f326ed118debc8809502bd46fad8e49ef4ae8f8346319837c116bb53cec01faec003c346ccbaf2fcbc81808f31aec0ca5e46f32b4e91a8b56e87a8f24ecc9cd8bb04d956d5502ae1257f51a4b5c2a69f0dac73d68b50427a5336e4a14f550260f878efa060151b255d3ff5443fc1c242e3b02657d37b007bfeb7ce5648d1b181f358ece23d6492e6b80455bcbfa17536012a346fdc4aa383962c4eb4fbc8172e43e8cc981e10f15efcb1e8f0add5a044eee326ef70a553052af55b0110e0eeae5b2f9189a7ea9d0ab4dc143d5eab9c1c0b245c68812c54670435c9d1b032c2d6a75c84608d5b226c05a09ec88ddfc09e4b13ea96a114c35d66f36e66deb66efc75200b6f6f1057749254e725997fcc66fd7bab457c5e1e8d737b67d875712f9d2f0c9a05289b2e9b9cd76f12ad9defbd8", 0x1000, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)="0eaa18fca281bc229937f6ce54f069f43337b9300bdb3ae4ddfd2346dd6e25efe6996b3de984cd31fa4ab26f3848ccea7fbbb845d9a71fabc2d0")
r11 = openat$dsp1(0xffffff9c, &(0x7f00000012c0), 0x1, 0x0)
ioctl$SNDCTL_DSP_SPEED(r11, 0xc0045002, &(0x7f0000001300)=0x4)
write$cgroup_pid(r9, &(0x7f0000001180)=r10, 0x12)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009702"])
syz_usb_connect(0x0, 0x2d, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000009968810524711004f320102030109021b000100000000090400"], 0x0)
r12 = syz_open_dev$vcsn(&(0x7f00000011c0), 0x4, 0x4280)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r12, 0x40505412, &(0x7f0000001200)={0x2, 0x2, 0xf29b, 0x0, 0x4})

2.431139675s ago: executing program 0 (id=2881):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x1080, 0x1}, 0x18, 0x0)
r1 = landlock_create_ruleset(&(0x7f00000000c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0xf2, 0x6c, 0x44, 0x20, 0x84f, 0x1, 0xe0b8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb2, 0x84, 0xbb}}]}}]}}, 0x0)
r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$apparmor_exec(r2, &(0x7f0000000500)=ANY=[@ANYBLOB='stack :'], 0x11)
lsm_get_self_attr(0x65, 0x0, &(0x7f00000002c0), 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r3, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r3, 0xb)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000000)={0xeeef0000, 0xd000, 0x100, 0x0, 0x4})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={<r4=>0x0}, &(0x7f0000000080)=0xc)
tkill(r4, 0x1)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_usb_connect(0x0, 0x24, &(0x7f0000001d00)={{0x12, 0x1, 0x200, 0x59, 0xfb, 0xfa, 0x10, 0x403, 0xfa78, 0xbcca, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4b, 0x2, 0xe0, 0x5, [{{0x9, 0x4, 0x88, 0x0, 0x0, 0xb6, 0x5e, 0xcd, 0x50}}]}}]}}, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
listen(r3, 0x10001)

2.249481991s ago: executing program 4 (id=2882):
rt_sigaction(0x7, &(0x7f0000002000)={&(0x7f0000001f80)="c4c27d2a1d29000000c4e1d1f918c4c33d791a0cc4e285b800c4e13711e2c4e3e57dfb0cc4e2152f8c7400000100c4c13ac2e900f2cc2b9dffefffff", 0x10000000, 0x0, {[0xb2, 0x20a]}}, 0x0, 0x8, &(0x7f0000002140))
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006380)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, r3, {0x7, 0x1f, 0x1000001, 0x5069f481, 0x8, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan0\x00')
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40})
syz_fuse_handle_req(r2, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef10542a2201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42731b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c32768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e179100a0000000000000021e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90a14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9edb6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc83cccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x22)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000800)={[0xfffffc01, 0x3]}, &(0x7f0000000840), &(0x7f00000008c0)={0x0, 0x3938700}, 0x8)
r5 = syz_open_dev$swradio(&(0x7f00000003c0), 0x1, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000400)={0x8000000, 0x1ff, 0x1})
r6 = dup(r1)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x9, 0x3, 0x308, 0x0, 0xffffffff, 0xffffffff, 0x178, 0xffffffff, 0x240, 0xffffffff, 0xffffffff, 0x240, 0xffffffff, 0x3, &(0x7f0000000440), {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback, [0xff, 0x0, 0xff000000, 0xffffff00], [0xff000000, 0x0, 0xffffff00], 'gre0\x00', 'syzkaller0\x00', {0xff}, {0xff}, 0x0, 0x2, 0x4, 0x60}, 0x0, 0x110, 0x178, 0x0, {}, [@common=@eui64={{0x24}}, @common=@dst={{0x48}, {0x9, 0x5, 0x0, [0x6, 0x0, 0x6, 0x1, 0x7, 0x0, 0xc, 0x1f5c, 0x5c, 0xfff, 0x2, 0x2, 0x6, 0xb, 0x1, 0x549f], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x3, 0x2b7, 0x7, 0x0, 'snmp_trap\x00', 'syz1\x00', {0xffff9650}}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@inet=@SYNPROXY={0x24, 'SYNPROXY\x00', 0x0, {0x2, 0xf9, 0x1}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x364)
r7 = getpgrp(0x0)
syz_pidfd_open(r7, 0x0)
r8 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_QUERYBUF(r8, 0xc0585609, &(0x7f00000002c0)=@fd={0xdc, 0xa, 0x4, 0x10000, 0x8, {0x0, 0x2710}, {0x2, 0x2, 0x4, 0xfc, 0x3, 0x4}, 0x7ff, 0x4, {}, 0xd95})
ptrace$PTRACE_GETSIGMASK(0x420a, r7, 0x8, &(0x7f0000000000))
syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$getregset(0x4205, r9, 0x200, &(0x7f0000000080)={0x0})
r10 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180), 0x801, 0x0)
writev(r10, &(0x7f00000006c0)=[{&(0x7f0000000340)="d356", 0x2}], 0x1)

1.567559367s ago: executing program 0 (id=2883):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x8020, {0x0, 0x0, 0x0, r4, {0x5, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x200c0e9}, 0x20000004)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r5, 0x0, 0x84)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r7, @ANYBLOB="00000000100000001c001a80", @ANYRES16=r8, @ANYRES32=r8], 0x44}}, 0x0)

1.215907132s ago: executing program 0 (id=2884):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x34, r1, 0x1, 0xfffffffe, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x7000000}, 0x0)

996.773169ms ago: executing program 0 (id=2885):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x404c080)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x48001)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x480c0}, 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xf)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001"], 0xec0}, 0x1, 0x0, 0x0, 0x80}, 0x8084)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f00000001c0)='net_prio.prioidx\x00', 0x0, 0x0)
preadv2(r5, &(0x7f0000000040)=[{&(0x7f0000000100)=""/65, 0x77}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'veth1_to_team\x00'})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r6, @ANYRES32=r8, @ANYRESHEX=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xeb)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x1528, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r11, {0x0, 0x7}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x14f8, 0x2, [@TCA_FLOW_ACT={0x14ec, 0x9, 0x0, 0x1, [@m_skbedit={0x134, 0x6, 0x0, 0x0, {{0xc}, {0x64, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x6, 0x8, 0x7, 0x800, 0x6}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0xb935}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x8}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x9, 0x7, 0x0, 0x7fc, 0x7}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x9}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x3}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xffff, 0xfff1}}]}, {0xa7, 0x6, "ca4297efaece2e1164328fff10ce6bb9b65c7b88197874344c7ce105a7543211c571643409a3d960e33212987c61f6f973854a8a69c78e401b10c66750931f1f08cf3216050154bd79188617aecaa627a4cc5c281efd0ebe7e42d33c6aaa0e38273bf66e1c3aa38bac5d3fb27877a3035c501ba717ceaa262843ccd914e60c80d68cc7a4a8157cab3d52ac91dfd565a6c38c91d628d72105da5e9edf7738618c4480d2"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_vlan={0x1058, 0x20, 0x0, 0x0, {{0x9}, {0x2c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x1004, 0x6, "d41b61c9b58a3e1458b3df8c9c0a654e5541436b2f97fddc716c1173746b6bd31efb2ecca9c45b9f35fc107314cfe7438ee389b6df6318c6125655d48a85aea9296a96a6c0bbf5394263d146c1d6299846e780c40afd4838b4d30fcd7193c758fd77966f34c7841543633ece8d9018392f6384a6fb9d46cb98b740e3ed3821d117ce294f0703cb2ec68fa25986d3dd1167bd446057f7f30c2ed3db56c6ebcc1df50356011066b4e37f2064bf2de9d18f33e0ac67000b1d333b2f67c2cc039d010f3d6410157f2aa50ebe63f3cb517176d1b01a3d5e67c9e2a9d8049ad7e5e97c0dccbcc4057581fad3b8142b89a6338508170b900064db4bb8c3b6713e22c8c5e4eac739bc2e13acf4f0dc0ff515304622ca04ddf16b0d7fff75d28596469926b50467712beb66bfea311955fcd4d7b67986fabe0eec7e813550ee81e0f32766665fb7c8a91efc14b243d84ae7a11602ad43021b9842e2d01719656dea8c19c188f4b5afd66e30d838c5a27b8728f042e016ef0aa48144661aeab771e053027c6e38075e06dfcf5964141937dc60bd6b5c8096b88f231392951623c2798fa210286dbe991dd10f7923dc9e817e6bb72846130065bf8ea88820eaca73f75524c7fe4f1b50f2ad685ce5b4a70bc62854b8a9260c0f363dc2f77f22a57073a1dd381a7ac696e89bba767489ae69419a717a5336a3ddc9e0d420da4af175b7cd270580ac9b25b760eb7b7956148c5368e084bd230f057ee56413b1f8f40dcbd89558f32c29e46876ed787599a60645fc06bd7d9beb14436dc29f19216abf710b48d90bc4bde55f634dda7695565f3da6296bbf3bfd8b09e2d72dfe42cced2d7ca1eb1d0e0cb7a6d6563a84f7a501784fda6f02cc5fe547d34aa1444a3817e6f2fc0e3e0ee298cfff207a622b5ecc40c8969060f7efe7c21ea6e2afb9e9a4bd8b0ae7d6f3275674845d56f5675de599a227e8f7a932c897660ac44d33aa101446c3b4a0dc83342c43a4eceb5eb95703108e532b82f616ed3978001426979443e7fa6b86d3761312026b8887227b2b4351b345f65fda1e8edca7e84a4fe074540db8677daa37b4437dc454403f0a1e5e885d5ae62d149b30d49326abe119e190f06af0c121342484a98b72d115ebc05e3c4e67090d69874b3158965079337deb2e7914893a5ff189c56895582d4cf366a49051f11754be493baf069e2d069581056b0d568774baba1d8fcb1dda51c2025dc2c4b522ecfd23b45556af577c3b4711759073693d8ad0ad9234d35da034ebbea9759439cdf1844d8155ca51ac3ec0682efdf018bf9905be3358268704d045d48db72ad80fbf985655746f5ad54771b264b0ddad580937c73f4389efae31380489a3cb8fe727b670aabed6a3cf9aab068cfc8c33e1fcf6bd93dc142e5e73f4015356ec1d8c05362694019faae4f4bbe561dbb3b4f8f8f09e55cbc5e8d15edf0b36fe7a7d0ff643ec05e43e0bb2017383505ba9017d0748993178da52ecdf09e4a91317cd316a6247a00a9476855f613c7469e1d0a4522205a8cc1fffe275175da8cd4a2d1829d15de643e049a204c18daa10fe8c3d0c1e34b7295cb3ba59fd62892831658cf29f1e3040c412e81c9a97b6b5f1de065474102ccaef565ec1374ecef32b5f7e81f8924dab563d1d11403398b53a521e2c55d228f8ea21b0e9e5e9d4ee38eda3c97bdcec319af274314ce7bfabc5378fb596ef91da6b155c4d974c22677c3d929fdc8269838dc20695233513c7b2ad28b626d6eb0dea356f10624196edf47b1aa31b9da04295fed21bfefee92a4a1373018a937c8969fc8f7e97e3ce5984e57d905ffa62a2fe6ff9e6a5a2bfd6dafdb23b3ae7d8f142f862b61102d77cde9f186b41c199459e72e730c7044f30e78de0436cced0272c10a2c8b015816bc8bcee332ec9eef31cff743682cfc4257781e15ca795b22682eb68018d1ee7903e12286ee0b15a630a75944a4a67524b4a658a119c2b910256b0d24758e8ffc0c35a665286cda67d4423d349efb162572d8a5007476028a6d8a33184b6d08589cc8e10676805d8c625f1b732ef50f62a75aca75ee60aa80a0cecb5778f0fab75cdb235b369ec454131e851a45f0ddc96d1b9c7624d6eb73ce12ef7f254ccaba8007f9fad04a82cb55e97733079903f8605b4151f624ff5c6ca99ce17f08cb6140259d20c58df08ece43e430130fc93ab06dcefb5579e3dec92ada031ea2e468b66c22568ace5a6af9412920dbc9eff64afbf9c0e29d49dae73fce6dc321b5b3c4d7493176a00cf6fd211055dae12f0341fc1b5dfd18494b3dcee5e5341b9cd3fa286782448ad7af13134ecdc85dd7a9191bc1a7007112935b6f7559e2ef37b69187bd0ec583c362578db0f3483cd52e19068ad88582f99c67c2698eaa7977eac8546b422652da309f07ba7f21260e183160a9b2e9b1f2e3579df4ab59479792890019f477c164b6c1df5094f0f45c59c54d307aac395b635978fa989f22d0107f54f3ac0f59b1a0d7aff3f3725ec81e5fa1facf47f2ca017d70e8159194d7f7774a97d90fb4e8190b93fcb1bfeb0377c4b920f69fbe9ba7402408cdb4d52630fe9997ccb37c122cbaf9942c467fef6f8388f784c3f98f290e40422f44f538cf3e0c963b8abca1733ac4618e4db1b45a54fc0751dabe68a396b628f9c407d6b741a9d5214d934269322d5d404f60190a83d55c2b30b219ebde994ebfede5c5a5831aa285b32a057c8a89d281da27e2363f6f9bf3dbb296463361ba4c04904391b9d7f9bdb524622b6c6f05c1bba6cbcf52e66a25bb7175426f4587d3411faf01f953e797bdff68339aa0e2a951ce7c4c48d1a133b730d18a11cf03c62380e0688f7ba268d776a12fb586ad9983a54852f92455782211e41f3b1ab83f507ab764e740a8614f958f2c6088e4170aa1077f4241b07639ba3598d7d6eb65a2baa26052e81457855412aec5c53e4ebe82ae934c8b0fcc93aeefe04f9a68b979112a6f778d73c7cf46c4d502758359c858fd992a7f5e9c507a190e2cc7a5d0971912f47ff22cccdfdb3d36e78af63c099d32972510953a9b31720b940c307bf323d8cf76a62bd6f98b1d133cf7ca2a79ddec10918cdb95130cf4ecbc58e795a38feba70d789112a3e8b9837743b7852d23a3958dd525e6d60e6f9fea425449ed588ac5f7ba78aeb083209865be13402128b8b82dcb0ae818d092c393000ac59889850dd405d076c78a933917d2c24bf308aef96f1a4437ebc11318f21f1558130b8010a754668bcafc428316e589d9556e92e8c590f392234288d6ca65343d6e9233807f6c463847ae710768286bdc5a0f0467ad8352b090e0b76c17c05ddd719e931de830371f26554fc780339ddb18313f7a01624ccbca89484255fa8b24ee905074d3c2586e51488324a2198965cb9a90d7ada0e8bc8b6b728d5af048ab113fce2120cced58a6bd5e3cf5283876ebd2936c586e3aefd078b42b638f271f2fa2ad1a1d37c85651b4803fa11dd7354757da309314da7bc11c8c4039904d8b8d03eae53f62f6738a1877a1cd379293ba06531e9b43e5a960ca7eff21b46e0135f6ce4bc2d040ce121e5d1d4d7591d4fd7abfc47d6009ac295dd0c69ac21ec6ec369a68d168c8095c4dfc7f77f7d0c0feeedae307117a120d403eb1d8aeb8daf904709c4cad28b1818b761387ad0e960bdaee8c6220900d69293892c66bee8f6d4a6793e35ffc3a3742106cf2c559e172b9f18c424da859210a647ad23872fe55cfa626cab9d39c5149b5a8db3a1195c5f61f92c69438822896d16afb8d8f2c206dfae3bfc1f87e00ae1a3842994f072dcfc30abc308980f7969dadd75de1a19816320ae9dc360a26954dc6a0f6e8ef681d4bc7996bd418d06ac2ad0756fe6e4e6a4c5a32cfd1ba470e4373cb2fdc4718cf9b1005d49d91a50c140badfda385c792d5c9b4c72adf348dedbbf6ebded7df12076fd8ae6553cb070b1966251b3554d921cd4d1e72ad84d2d1581a42574bea8fcc283e075f9e07cbedd6c1cc41ce1989a4c2ad7fb02aa52dd8a46febeee9f3b1bc9e5747953182144f19238262971f90e8b282429757980c52406588a7d1981c43d6ae2787d80b4a5b028c081d7cfd02daa8e0a8c97355738d8b606c11d85cf8a86bb7be4bf6deea20700e1f777037f9869f0f0cdc8030999e39935769e93b24d5a8771282996ec81a31f8a066b0a5c0ddab4af34fafd6476e1de16538f9e2c780437d3697f0837ed7a3c12c1bc78fc8822f89f1da2551638f64c680ccba08df31f9fb1b7c6d15b98bae7413dafd86d6f0bbdce32d444f03491933d6749f585aff2e37ffa6fb47f8a9514b1dfb0e8a8c3c24a79104b7185b36bc274d5a628d3f19c4d2179a33ba11131ae857dde44fd5750b8b247ae9a67f6dbb1e54600bc47c983016832920f5241d0a58cdfd14d0c20d8f6ea805a75fef319c9eb5575011df5566128bfec0a578d2fd12844f94182275153f7630e425f7b9c30a6cd91c5bc7e5d1ba5acac6c39425662a29470adccd84e518e06fcd8254fda82d1ca5735b1675e8bf9f1a45a9692c649581e6c72392b8b8f8634cb9db7f350cf75291e97a975d2ff8f35c60ba4ac2404654539ec988ee5afd40c2f94a4917a2ddd2b1d1cd9f5b48c3c283f2bc32ce8af255bced17f3b2e1cbf3997d0b3ff1ce37b31af8bd49e1acec666414dadca1107715880ca59a55e90a6df9dd9095bf4a48240d632bd643d5907bb9d521daf83e1325aba8ccc9994c84b3c1d1420d94ee4ac4aee6a3eae58ad028b62ff5ca8b0ba8b1da279eaa465cf731625daee2e003e637a5dc36e831d62dd40bd0be6af897b1b9fabc3943aca2849539839386c0ed4f69d03a23e44ab32c9f1448a003de8b9f5c2af296009a93417a857fe49c38854219134abc996bec3cae21f1e1d17e212a8fb3b51443c9083b56f6a2420ba991ed4d537ee3776956e0803b47f42681b10504df8efc45403dc8b266a1e447c622bc583cb08761f4a6094937a1d36ab925b24552e9db442e5a559052b48c5a6c61d25c3ee801edac29f44e9cf8351561ea7eae63c0c99af53ca03c064a6c48ea9275a01f6ad435edc32f925e8d4c7839707663fb9d2badf5ddc76aa11b48b14fceceefdfa477fec39467f110e79acdac08f215c225cd9496c27dfd6d05233ed3bee22d4132728dc87e4cae3caa5648343b21e1363058630cd977228b142bf5272fd51c1c77fb43087eca1ed8e3a4b6a1b9351d4e101f98efd5e79778cac81dbeece00f57ff6f2e40b1166a9b7aa401a691433f3df40cba18da84325581d1136e1ce681efc59479a9eb843a17ac1b1508cc163ce17ba1589ca8cd1174513fbdf98c1dee112b56d216fa9893892a3609adf05bf363198e0c570d867916c9f6d102d63267c8be00513cedf96fe5fc1db8bf01e3b923627acaa6a49d310868676a12594d0087ee6816baee2ffcacb0852e8930f6d94ed8f3c280eb03e29ba8c6542b17532845c92c86f6b9904b5d6d4e173c32147bdcf7a83ae08f97f17e2c278c8be3bc1d1e7f6faf418328e21247d1d44f4ac47a39f6dcd876d2dc367bdd4005828c6f3f5452069c489d552107acff24334a4580b4e941948f9d328be01af139a4ec7dd3f3e20b0523cffe9dc76e854329679eca26e699a57b37f278c83a5d94159cc8f91b64dc3e9046ae801303fcd9bb2fc6d13e1909311c3e80bdbdbb22ec024825e677056fec0bb937e16a14650e4998d848d0b73bf16558651e136dc67e9ee0096f3e2fa2e9f883a"}, {0xc}, {0xc, 0x8, {0x3}}}}, @m_police={0x9c, 0x8, 0x0, 0x0, {{0xb}, {0x4}, {0x6d, 0x6, "e81085b5135892399c64ae8689a244b947f038f89ed6cb612210d5ae15c59e2ffe9b7ba790e9e5353eee54464e4ce24f9b33189770a922fedd80a64dbe1cf3f2c7e80cc66c4fad3d51e2cbaab96653ac3b845898608f06acc800ffc6a0007f63c405e3ef2f23a25353"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_ct={0xe4, 0x1e, 0x0, 0x0, {{0x7}, {0x20, 0x2, 0x0, 0x1, [@TCA_CT_ACTION={0x6}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @empty}]}, {0x9e, 0x6, "15271c4953755640696ae4fc1e350b0ac323223eb299830384fd57ca28bc2f098b77f6d0fe22f37633ae9cbb47cc6013a4c1bf981f8bf55bba156abb4eda25c9c3d4d008360d930b2d96f669ceea8a929b8ca887539158f47f6563aa2ed1729c0d49aa64bad28fc3d17d2a1e5ff033b059b501665bc45356412824a38eacc3fef1d9266bc5cc7b1b5dea98be8f215d69d611d53e2b41b2a0e45f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_ct={0x108, 0x1f, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e21}, @TCA_CT_ACTION={0x6}, @TCA_CT_ZONE={0x6, 0x4, 0xffff}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e24}, @TCA_CT_ACTION={0x6, 0x3, 0x27}]}, {0xae, 0x6, "c3f797a0252fce9053725c72948c9fd7ec4e262da35ab6017cf194f48b957503612c57b2fd4c002bd9ec704115d81e63673e7cb9307fb2a9787532996551c671beff1cb3591a77e33a1005243cba2521255ebebb27ddade67e6e4ed030b940fc89fc2cb031dcaaed32c5a488b40c0aaae31ee4358f3927cfcf7fcfe5f9681380ff7b13937c9fb1d7fe709965dfd9f43673153e8630ffd4b3f1b34c0990f5ac1e60221dcad52f5e2bfa12"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_mirred={0xd4, 0xc, 0x0, 0x0, {{0xb}, {0x4}, {0xa6, 0x6, "4aefeb9dc6334ab4ab95e6845f8bdf4b67574ab6513ef5eb054c1a207736f72968247ff98a49dba4b5e4c1168a49c1b6c953f5bf1437a3d9bfe3be70038bf1b6fae1934d4a818e026c3db14f09012e5cbdbe674b4f23624f44021a53c6269aea3263479be74832eb1b61d0377068c88d00f991b9ab4eaa4b1249dc7ef9eae41adcf28dfb938a1b922313af4f5454951c52e1aae0d97c35dce94ecb16099a0735a912"}, {0xc}, {0xc, 0x8, {0x1}}}}]}, @TCA_FLOW_KEYS={0x8, 0x1, 0x9200}]}}]}, 0x1528}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)

791.765361ms ago: executing program 2 (id=2886):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x6, 0x101002)
ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f0000000040)={0xfffffff9, 0x3, 0x8, 0x80000000, 0x1ff, 0x2c})
r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$fuse(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r2 = openat$vcsu(0xffffff9c, &(0x7f0000000100), 0x400, 0x0)
r3 = openat$null(0xffffff9c, &(0x7f0000000180), 0x42040, 0x0)
copy_file_range(r2, &(0x7f0000000140)=0xc, r3, 0x0, 0x1ff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={&(0x7f00000001c0)="c6d889cf0fa85c437a77bec2220cd2509f402a8fd04779e26ea245d222986341c1ddf75f844dc1296382c869081643a2ae2118b1eee024a2a1e86d6ed1570af085f951a8f0020f69b1e9c4652a9a86bc11a125ea4bcdc9ed220ad5a1fb3006f205bde3dcc1ddc7c858d3a65154df0cfbac0b83d5deb5d4d2d46a9126f8fd40e1d01faa6d2e811c19a73fb229158f45c641e2fafce9962328805be9d3242d6be7eb002413003160f446f98cd70b0753fad4299ca1b800d093372e45ce13d72af1ef09dbf0eee0ed7f5a54da873f041d5bec70a500442ed32f695a197d6fe1c0e7de6d698834a23727fe", &(0x7f00000002c0)=""/127, &(0x7f0000000340)="5d80fa0ac95f2088101c398044e9301711919bcebf79643e5251d4c6b68b7dc8f178652a70526d0a034d285e5cfdf775ca4788e61a7f81b229f4bc4e3f827b313e8561e8ed7d947ee62047d90ffa538626de720d885dd5de38cbbcefebf9b3b6efeab3e854f317478302ae66352c4963b712f0bf1c5f4c", &(0x7f00000003c0)="b649b1c33b7087cab3b38071e013a48150d9e058308c9c61b1ecd05dab4ca13ef09c", 0xf2, r3}, 0x38)
ioctl$IOC_PR_REGISTER(r3, 0x401870c8, &(0x7f0000000440)={0x400000000000, 0x7fffffff})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f00000005c0)={'gretap0\x00', &(0x7f0000000540)={'syztnl1\x00', <r4=>0x0, 0x8000, 0x8, 0x80000001, 0x2, {{0xa, 0x4, 0x2, 0x5, 0x28, 0x65, 0x0, 0xfe, 0x4, 0x0, @remote, @multicast1, {[@generic={0x94, 0x4, "ee45"}, @cipso={0x86, 0xf, 0xffffffffffffffff, [{0x1, 0x9, "eec83066950dff"}]}]}}}}})
r5 = syz_open_dev$vcsa(&(0x7f0000000640), 0x10000, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000006c0)=@bpf_tracing={0x1a, 0x3, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xa}}, &(0x7f00000004c0)='syzkaller\x00', 0xffff8000, 0x22, &(0x7f0000000500)=""/34, 0x41000, 0x4, '\x00', r4, 0x19, r3, 0x8, &(0x7f0000000600)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x19b69, r5, 0x3, 0x0, &(0x7f0000000680)=[{0x2, 0x1, 0x7, 0x8}, {0x2, 0x4, 0x6}, {0x3, 0x4, 0x7, 0x4}], 0x10, 0x9, @void, @value}, 0x94)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000780)={0x2710, 0x6, 0xddddd000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x18)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = dup3(r0, r1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000007c0)={'vcan0\x00', <r8=>0x0})
connect$can_bcm(r7, &(0x7f0000000800)={0x1d, r8}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000008c0)={r7, 0x58, &(0x7f0000000840)}, 0x10)
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x24)
r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x5813, r7, 0x8000000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x40, &(0x7f0000000900), 0x0, 0x4)
openat$proc_mixer(0xffffff9c, &(0x7f0000000940)='/proc/asound/card3/oss_mixer\x00', 0x80000, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000980)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x50, 0x50, 0x6, [@fwd={0x4}, @fwd={0x4}, @ptr={0xc}, @enum={0x3, 0x4, 0x0, 0x6, 0x4, [{0xf}, {0x7, 0xa}, {0x6, 0xfffffffe}, {0xc, 0x7f}]}]}, {0x0, [0x5f, 0x0, 0x5f, 0x2e]}}, &(0x7f0000000a00)=""/114, 0x6e, 0x72, 0x1, 0xe, 0x10000, @value=r3}, 0x28)
r10 = getpgid(0xffffffffffffffff)
ptrace$setregs(0xf, r10, 0x3, &(0x7f0000000ac0)="5d7e1ad9ac49477d66e358beadf471881f131ee9d83e709ebdbd23ed705a231b92e6f344c75cda0dfb5374f5d8bcca7e69e7912073589643e48277732bd6c47633d1b9e21eb1066083e4427557a54d90cf5f2166a7f4550afcaea0")
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x6c, 0x2, 0x6, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x4efe}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x1)
openat$fuse(0xffffff9c, &(0x7f0000000c80), 0x2, 0x0)

590.067173ms ago: executing program 2 (id=2887):
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
unshare(0xa020480)
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
unshare(0x2c060000)
close(r0)
r1 = memfd_secret(0x80000)
sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000000b010900000000000000d6761fe10a070001006c"], 0x1c}}, 0x20000010)
r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x15, 0x5, 0x0)
getsockopt(r5, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))

347.131743ms ago: executing program 3 (id=2888):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
setreuid(0x0, 0x0)
readv(r0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/67, 0x43}], 0x1)
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x5, 0x4000190, 0x1, 0x2, 0xd59f80, 0x4, 0x80000001, 0x9, 0x8, 0x4, 0x97, 0x13, 0x1be, 0x7f, 0x3f, 0x39, {0x0, 0x1}, 0x3, 0xed}})

1.370037ms ago: executing program 3 (id=2889):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r1 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000000840)={0x84, &(0x7f00000003c0)={0x20, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000180)={0xc, &(0x7f0000000000)={0x40, 0x21, 0xfc, {0xfc, 0x2a, "9024d758d616f86c9701cf67f04eb0a558089899e329c85f7521aab7ab58fb2e768c5feb40c501a28de025cd25cd7f5bc36480da10a1d3f545fab0f54d4a0c49dca3c8fd08bdeeb729dc5ed100c37dab4ba0d17a44d929363d31a25782f889af310107f44b4da9359e2a6b3b38a762cfc49b972dd72bc144a51738675425545912195d3a1d02139667faa42c5e3d907d2e0f39092914907cce8f58fcc79a9ea0fea101629b5d0a062e65ab4151b09c7c2e4c5de6b446e7cd4174a00780115716548baf9cb84c260f4b54bc9a91e9d810d28848eaf0ab63378608cb43e4ec52a687a56b3e5670bdc09bad8d8d87e2cd251c67ac62343ec27de1fd"}}, &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000004c0)={0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="000ca50000004d7fb863552ec608e12c286d86c06d14e8ab4831d37fec765034f0d33052048a5c06924e5563ed7ea7c8866122bee0ad1d6c5f31dbae9231dab4c16e520ac741a16395be608810a3d1e43e0b816ec6bb483d727dce713810e1f9cd84c6a3306bea3a3ff2b332aa7f82eb0305f49df6d3522ebf7edaab0883c60884ad4cb7adeab95d103e02bed7600229f187e6389cdbf48e4cd6f9e6e9b12d9f7bc91d1244116f3df247989bd059c71872fea1cfbd89c6d798"], &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x5, 0x7, 0xfffffff0, 0xfc, 0x101, 0x7d95, 0x6, 0x8, 0x3, 0x1, 0x7, 0x5}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x7}, &(0x7f0000000400)={0x20, 0x83, 0x2}, &(0x7f0000000440)={0x20, 0x87, 0x2, 0x8}, &(0x7f0000000480)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$hid(r1, 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
dup(0xffffffffffffffff)
syz_io_uring_setup(0x239, &(0x7f0000000180)={0x0, 0x4533, 0x10100, 0x0, 0x800000}, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x40000161)
getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x1}, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f00000000c0)=0x2)
preadv(r5, &(0x7f0000000740)=[{&(0x7f0000000340)=""/162, 0xa2}], 0x1, 0x80000001, 0x3f7a)
close_range(r4, 0xffffffffffffffff, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)

0s ago: executing program 2 (id=2898):
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x356, 0x3a, '\xf1', 0x3a, '', 0x3a, './file0', 0x3a, [0x43, 0x50]}, 0x2a)
r1 = openat$sndtimer(0xffffff9c, &(0x7f00000001c0), 0x8000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x3, 0x2, 0x5})
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x4000020)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000500)=ANY=[@ANYBLOB="cc020000210a0108fdffffff0000000000000000630003"], 0x2cc}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r4, 0x4018f514, &(0x7f00000000c0)={0x8, 0x3ff, 0x2})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000040)={0x8b, 0x6576, 0x9})
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r8, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000)
ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc014563b, &(0x7f0000000000)={0x3, {0x4, 0x8, 0x8, 0x80000000}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r9 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r9, 0x0)

kernel console output (not intermixed with test programs):

00000000000001 R08: 0000000000000000 R09: 0000000000000000
[  625.168386][T13462] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  625.168398][T13462] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  625.168428][T13462]  </TASK>
[  625.436945][T13460] bond0: option ad_select: unable to set because the bond device is up
[  625.698881][   T52] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  625.764257][T13475] fuse: Unknown parameter 'u£Õƒeˆnser_id'
[  625.782078][T13475] fuse: Unknown parameter 'u£Õƒeˆnser_id'
[  625.896233][   T52] usb 4-1: Using ep0 maxpacket: 16
[  625.904538][   T52] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  625.917429][   T52] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4
[  625.928126][   T52] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  625.941329][   T52] usb 4-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping
[  625.957088][   T52] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  625.965467][ T5883] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  625.967323][   T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.983774][   T52] usb 4-1: Product: syz
[  625.990338][   T52] usb 4-1: Manufacturer: syz
[  625.995473][   T52] usb 4-1: SerialNumber: syz
[  626.013149][   T52] usb 4-1: config 0 descriptor??
[  626.028869][   T52] usb 4-1: selecting invalid altsetting 1
[  626.034830][   T52] usb 4-1: Can not set alternate setting to 1, error: -22
[  626.042892][   T52] synaptics_usb 4-1:0.0: probe with driver synaptics_usb failed with error -22
[  626.115565][ T5881] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  626.128872][ T5883] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  626.140352][ T5883] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  626.152698][ T5883] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  626.167725][ T5883] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  626.179088][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.197019][ T5883] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  626.206167][ T5883] usb 5-1: invalid MIDI out EP 0
[  626.284475][ T5923] usb 4-1: USB disconnect, device number 4
[  626.299237][ T5881] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  626.321172][ T5881] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  626.370380][ T5881] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  626.403156][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.417126][T13474] delete_channel: no stack
[  626.438078][T13482] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  626.477824][ T5883] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  626.478866][ T5881] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  626.528295][   T52] usb 1-1: new high-speed USB device number 114 using dummy_hcd
[  626.560413][ T5883] usb 5-1: USB disconnect, device number 103
[  626.698037][   T52] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.714281][ T5882] usb 2-1: USB disconnect, device number 115
[  626.721513][   T52] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  626.736691][   T52] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  626.749757][   T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.769658][   T52] usb 1-1: config 0 descriptor??
[  626.791618][   T52] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  627.029837][T13496] QAT: Invalid ioctl -805268450
[  627.205407][ T5883] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  627.355335][ T5883] usb 4-1: Using ep0 maxpacket: 32
[  627.361813][ T5883] usb 4-1: no configurations
[  627.368233][ T5883] usb 4-1: can't read configurations, error -22
[  627.505493][ T5883] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  627.665452][ T5883] usb 4-1: Using ep0 maxpacket: 32
[  627.680625][ T5883] usb 4-1: no configurations
[  627.692539][ T5883] usb 4-1: can't read configurations, error -22
[  627.708091][ T5883] usb usb4-port1: attempt power cycle
[  627.717451][T13508] xt_connbytes: Forcing CT accounting to be enabled
[  627.944150][T13505] netlink: 'syz.1.2629': attribute type 12 has an invalid length.
[  627.991888][T13505] netlink: 'syz.1.2629': attribute type 12 has an invalid length.
[  628.022708][T13505] netlink: 'syz.1.2629': attribute type 12 has an invalid length.
[  628.055321][ T5883] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  628.119841][ T5883] usb 4-1: Using ep0 maxpacket: 32
[  628.128269][ T5883] usb 4-1: no configurations
[  628.143702][ T5883] usb 4-1: can't read configurations, error -22
[  628.275831][ T5883] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  628.325113][ T5883] usb 4-1: Using ep0 maxpacket: 32
[  628.334740][ T5883] usb 4-1: no configurations
[  628.359128][ T5883] usb 4-1: can't read configurations, error -22
[  628.370984][ T5883] usb usb4-port1: unable to enumerate USB device
[  628.454383][T13528] geneve0: entered promiscuous mode
[  628.478829][T13528] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2636'.
[  628.491898][T13528] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2636'.
[  628.945417][   T52] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  629.107602][   T52] usb 2-1: config 0 has an invalid interface number: 114 but max is 0
[  629.134649][   T52] usb 2-1: config 0 has no interface number 0
[  629.154683][ T5828] usb 1-1: USB disconnect, device number 114
[  629.163440][ T5881] usb 5-1: new full-speed USB device number 104 using dummy_hcd
[  629.181388][   T52] usb 2-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=13.67
[  629.202900][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.227911][   T52] usb 2-1: Product: syz
[  629.232295][   T52] usb 2-1: Manufacturer: syz
[  629.250721][   T52] usb 2-1: SerialNumber: syz
[  629.286957][   T52] usb 2-1: config 0 descriptor??
[  629.348473][ T5881] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  629.359116][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.368006][T13545] netlink: 'syz.2.2642': attribute type 1 has an invalid length.
[  629.388810][ T5881] usb 5-1: config 0 descriptor??
[  629.424843][T13545] netlink: 'syz.2.2642': attribute type 33 has an invalid length.
[  629.440685][T13545] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2642'.
[  629.546296][   T52] cdc_subset 2-1:0.114: probe with driver cdc_subset failed with error -22
[  629.823867][T13553] binder: 13535:13553 ioctl c0306201 800003c0 returned -14
[  629.847120][T13553] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2639'.
[  629.915825][T13555] netlink: 'syz.2.2644': attribute type 15 has an invalid length.
[  630.185388][ T5828] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  630.197392][T13559] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2645'.
[  630.273513][   T30] audit: type=1326 audit(1746798574.166:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.297468][    C1] vkms_vblank_simulate: vblank timer overrun
[  630.306256][   T30] audit: type=1326 audit(1746798574.166:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.329883][    C1] vkms_vblank_simulate: vblank timer overrun
[  630.345981][   T30] audit: type=1326 audit(1746798574.176:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.370137][ T5828] usb 3-1: Using ep0 maxpacket: 32
[  630.376233][   T30] audit: type=1326 audit(1746798574.176:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.401512][    C1] vkms_vblank_simulate: vblank timer overrun
[  630.410591][ T5828] usb 3-1: config 0 has an invalid interface number: 202 but max is 1
[  630.420254][ T5828] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.432485][ T5828] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  630.443417][ T5828] usb 3-1: config 0 has no interface number 0
[  630.451274][ T5828] usb 3-1: too many endpoints for config 0 interface 202 altsetting 87: 182, using maximum allowed: 30
[  630.473091][ T5828] usb 3-1: config 0 interface 202 altsetting 87 bulk endpoint 0x2 has invalid maxpacket 52
[  630.486059][   T52] usb 1-1: new high-speed USB device number 115 using dummy_hcd
[  630.496119][   T30] audit: type=1326 audit(1746798574.186:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.520618][ T5828] usb 3-1: config 0 interface 202 altsetting 87 has 1 endpoint descriptor, different from the interface descriptor's value: 182
[  630.536361][   T30] audit: type=1326 audit(1746798574.186:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.559897][ T5828] usb 3-1: config 0 interface 202 has no altsetting 0
[  630.568511][   T30] audit: type=1326 audit(1746798574.196:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.596444][   T30] audit: type=1326 audit(1746798574.196:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.622314][ T5828] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.2b
[  630.632856][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.642153][ T5828] usb 3-1: Product: syz
[  630.648401][ T5828] usb 3-1: Manufacturer: syz
[  630.654357][T13564] FAULT_INJECTION: forcing a failure.
[  630.654357][T13564] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  630.667878][   T52] usb 1-1: Using ep0 maxpacket: 32
[  630.673469][   T30] audit: type=1326 audit(1746798574.236:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.696450][    C1] vkms_vblank_simulate: vblank timer overrun
[  630.703524][T13564] CPU: 1 UID: 0 PID: 13564 Comm: syz.3.2648 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  630.703552][T13564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  630.703564][T13564] Call Trace:
[  630.703573][T13564]  <TASK>
[  630.703609][T13564]  dump_stack_lvl+0x189/0x250
[  630.703647][T13564]  ? __lock_acquire+0xaac/0xd20
[  630.703678][T13564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  630.703706][T13564]  ? __pfx__printk+0x10/0x10
[  630.703725][T13564]  ? __might_fault+0xb0/0x130
[  630.703762][T13564]  should_fail_ex+0x414/0x560
[  630.703788][T13564]  _copy_from_user+0x2d/0xb0
[  630.703817][T13564]  do_sys_poll+0x239/0x1050
[  630.703859][T13564]  ? __pfx_do_sys_poll+0x10/0x10
[  630.703958][T13564]  ? rcu_read_lock_any_held+0xb3/0x120
[  630.703979][T13564]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  630.704002][T13564]  ? vfs_write+0x8d8/0xa90
[  630.704049][T13564]  ? set_compat_user_sigmask+0xc1/0x1b0
[  630.704069][T13564]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  630.704100][T13564]  __ia32_compat_sys_ppoll_time32+0x299/0x300
[  630.704132][T13564]  ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10
[  630.704165][T13564]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  630.704190][T13564]  ? lockdep_hardirqs_on+0x9c/0x150
[  630.704214][T13564]  __do_fast_syscall_32+0xb4/0x110
[  630.704239][T13564]  ? lockdep_hardirqs_on+0x9c/0x150
[  630.704265][T13564]  do_fast_syscall_32+0x34/0x80
[  630.704290][T13564]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  630.704313][T13564] RIP: 0023:0xf70de539
[  630.704330][T13564] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  630.704348][T13564] RSP: 002b:00000000f50ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000135
[  630.704368][T13564] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 00000000000000dc
[  630.704382][T13564] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  630.704393][T13564] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  630.704404][T13564] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  630.704416][T13564] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  630.704444][T13564]  </TASK>
[  630.704964][ T5828] usb 3-1: SerialNumber: syz
[  630.816667][   T30] audit: type=1326 audit(1746798574.236:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2645" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  630.819688][   T52] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  630.965135][    C1] vkms_vblank_simulate: vblank timer overrun
[  630.989092][ T5828] usb 3-1: config 0 descriptor??
[  630.994991][T13555] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  631.002131][   T52] usb 1-1: config 0 has no interface number 0
[  631.018054][ T5828] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  631.036619][   T52] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  631.046116][ T5881] pegasus 5-1:0.0: can't reset MAC
[  631.051545][ T5881] pegasus 5-1:0.0: probe with driver pegasus failed with error -5
[  631.064259][ T5881] usb 5-1: USB disconnect, device number 104
[  631.105223][   T52] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.113526][   T52] usb 1-1: Product: syz
[  631.169003][   T52] usb 1-1: Manufacturer: syz
[  631.173779][   T52] usb 1-1: SerialNumber: syz
[  631.196049][   T52] usb 1-1: config 0 descriptor??
[  631.224271][ T7573] usb 3-1: Failed to submit usb control message: -71
[  631.224619][ T5828] usb 3-1: USB disconnect, device number 113
[  631.232459][ T7573] usb 3-1: unable to send the bmi data to the device: -71
[  631.248302][   T52] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  631.250339][ T7573] usb 3-1: unable to get target info from device
[  631.266452][ T7573] usb 3-1: could not get target info (-71)
[  631.272884][ T7573] usb 3-1: could not probe fw (-71)
[  631.412074][   T52] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  631.441602][   T52] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  631.613774][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  631.614342][   T10] usb 1-1: USB disconnect, device number 115
[  631.638814][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  631.654244][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  631.666530][   T10] quatech2 1-1:0.51: device disconnected
[  631.733420][ T5828] usb 2-1: USB disconnect, device number 116
[  631.755921][   T52] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  631.949744][   T52] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  631.960806][   T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.969072][   T52] usb 4-1: Product: syz
[  631.974341][   T52] usb 4-1: Manufacturer: syz
[  631.979855][   T52] usb 4-1: SerialNumber: syz
[  631.987862][   T52] usb 4-1: config 0 descriptor??
[  632.280192][   T52] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  632.297851][   T52] usb 4-1: setting power ON
[  632.324275][   T52] dvb-usb: bulk message failed: -22 (2/0)
[  632.355363][   T10] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  632.355997][   T52] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  632.394270][   T52] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-19)
[  632.422797][   T52] dvb_usb_cxusb 4-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  632.510507][   T52] usb 4-1: USB disconnect, device number 9
[  632.549536][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  632.581288][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  632.717827][   T10] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  632.747639][T13584] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  632.764253][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.793876][   T10] usb 2-1: config 0 descriptor??
[  632.810389][   T10] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  633.035559][T13584] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  633.041764][T13584] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  633.104276][T13584] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  633.122708][T13584] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  633.403862][T13602] FAULT_INJECTION: forcing a failure.
[  633.403862][T13602] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  633.433954][T13602] CPU: 0 UID: 0 PID: 13602 Comm: syz.3.2660 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  633.433986][T13602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  633.433999][T13602] Call Trace:
[  633.434008][T13602]  <TASK>
[  633.434017][T13602]  dump_stack_lvl+0x189/0x250
[  633.434055][T13602]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.434085][T13602]  ? __pfx__printk+0x10/0x10
[  633.434120][T13602]  should_fail_ex+0x414/0x560
[  633.434146][T13602]  _copy_to_user+0x31/0xb0
[  633.434177][T13602]  simple_read_from_buffer+0xe1/0x170
[  633.434208][T13602]  proc_fail_nth_read+0x1df/0x250
[  633.434273][T13602]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  633.434305][T13602]  ? rw_verify_area+0x258/0x650
[  633.434328][T13602]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  633.434358][T13602]  vfs_read+0x1fd/0x980
[  633.434386][T13602]  ? __pfx___mutex_lock+0x10/0x10
[  633.434413][T13602]  ? __pfx_vfs_read+0x10/0x10
[  633.434436][T13602]  ? __fget_files+0x2a/0x420
[  633.434468][T13602]  ? __fget_files+0x3a0/0x420
[  633.434492][T13602]  ? __fget_files+0x2a/0x420
[  633.434527][T13602]  ksys_read+0x145/0x250
[  633.434553][T13602]  ? __pfx_ksys_read+0x10/0x10
[  633.434577][T13602]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  633.434605][T13602]  ? lockdep_hardirqs_on+0x9c/0x150
[  633.434631][T13602]  __do_fast_syscall_32+0xb4/0x110
[  633.434658][T13602]  ? lockdep_hardirqs_on+0x9c/0x150
[  633.434685][T13602]  do_fast_syscall_32+0x34/0x80
[  633.434712][T13602]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  633.434736][T13602] RIP: 0023:0xf70de539
[  633.434754][T13602] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  633.434772][T13602] RSP: 002b:00000000f50ce590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  633.434794][T13602] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50ce620
[  633.434808][T13602] RDX: 000000000000000f RSI: 00000000f7442ff4 RDI: 0000000000000000
[  633.434821][T13602] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  633.434833][T13602] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  633.434845][T13602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  633.434875][T13602]  </TASK>
[  634.120589][T13619] fuse: Bad value for 'fd'
[  634.238410][T13595] tty tty24: ldisc open failed (-12), clearing slot 23
[  634.752743][T13640] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2671'.
[  634.807369][ T5139] Bluetooth: hci0: command 0x0c1a tx timeout
[  634.880316][T13640] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2671'.
[  634.907148][ T5883] usb 2-1: USB disconnect, device number 117
[  635.125585][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[  635.132332][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout
[  635.141946][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  635.150400][ T5139] Bluetooth: hci4: command 0x0c1a tx timeout
[  635.321194][T13650] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2672'.
[  635.359914][T13650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2672'.
[  635.555473][   T52] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  635.715374][   T52] usb 2-1: Using ep0 maxpacket: 16
[  635.744411][   T52] usb 2-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config
[  635.766226][   T52] usb 2-1: too many endpoints for config 0 interface 0 altsetting 199: 206, using maximum allowed: 30
[  635.792078][   T52] usb 2-1: config 0 interface 0 altsetting 199 has 0 endpoint descriptors, different from the interface descriptor's value: 206
[  635.820159][   T52] usb 2-1: config 0 interface 0 has no altsetting 0
[  635.836674][   T52] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  635.854911][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.869004][   T52] usb 2-1: Product: syz
[  635.876015][   T52] usb 2-1: Manufacturer: syz
[  635.880689][   T52] usb 2-1: SerialNumber: syz
[  635.939210][   T52] usb 2-1: config 0 descriptor??
[  636.155537][ T5828] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[  636.177540][T13667] FAULT_INJECTION: forcing a failure.
[  636.177540][T13667] name failslab, interval 1, probability 0, space 0, times 0
[  636.182945][   T52] hub 2-1:0.0: bad descriptor, ignoring hub
[  636.207644][T13667] CPU: 0 UID: 0 PID: 13667 Comm: syz.4.2678 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  636.207676][T13667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  636.207689][T13667] Call Trace:
[  636.207699][T13667]  <TASK>
[  636.207716][T13667]  dump_stack_lvl+0x189/0x250
[  636.207754][T13667]  ? __pfx_dump_stack_lvl+0x10/0x10
[  636.207785][T13667]  ? __pfx__printk+0x10/0x10
[  636.207811][T13667]  ? __pfx___might_resched+0x10/0x10
[  636.207833][T13667]  should_fail_ex+0x414/0x560
[  636.207857][T13667]  should_failslab+0xa8/0x100
[  636.207886][T13667]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  636.207913][T13667]  ? __alloc_skb+0x112/0x2d0
[  636.207943][T13667]  __alloc_skb+0x112/0x2d0
[  636.207969][T13667]  __ip_append_data+0x2db9/0x40f0
[  636.208017][T13667]  ? ip_route_output_key_hash_rcu+0x1261/0x2330
[  636.208045][T13667]  ? __pfx_raw_getfrag+0x10/0x10
[  636.208071][T13667]  ? look_up_lock_class+0x74/0x170
[  636.208104][T13667]  ? __lock_acquire+0xaac/0xd20
[  636.208137][T13667]  ? __pfx___ip_append_data+0x10/0x10
[  636.208170][T13667]  ? ip_setup_cork+0x579/0x9b0
[  636.208201][T13667]  ip_append_data+0x10e/0x190
[  636.208232][T13667]  ? __pfx_raw_getfrag+0x10/0x10
[  636.208260][T13667]  raw_sendmsg+0x13c1/0x18a0
[  636.208305][T13667]  ? __pfx_raw_sendmsg+0x10/0x10
[  636.208347][T13667]  ? aa_sk_perm+0x81e/0x950
[  636.208375][T13667]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  636.208404][T13667]  ? sock_rps_record_flow+0x19/0x400
[  636.208436][T13667]  ? inet_sendmsg+0x2f4/0x370
[  636.208462][T13667]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  636.208489][T13667]  __sock_sendmsg+0x19c/0x270
[  636.208512][T13667]  __sys_sendto+0x3bd/0x520
[  636.208539][T13667]  ? __pfx___sys_sendto+0x10/0x10
[  636.208560][T13667]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  636.208599][T13667]  ? __fget_files+0x3a0/0x420
[  636.208637][T13667]  ? ksys_write+0x1f0/0x250
[  636.208670][T13667]  __ia32_sys_sendto+0xdd/0x100
[  636.208699][T13667]  __do_fast_syscall_32+0xb4/0x110
[  636.208735][T13667]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.208763][T13667]  do_fast_syscall_32+0x34/0x80
[  636.208789][T13667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  636.208814][T13667] RIP: 0023:0xf707e539
[  636.208832][T13667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  636.208851][T13667] RSP: 002b:00000000f506e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  636.208873][T13667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  636.208888][T13667] RDX: 000000000000ffec RSI: 0000000000000000 RDI: 0000000080000340
[  636.208901][T13667] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[  636.208914][T13667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  636.208926][T13667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  636.208955][T13667]  </TASK>
[  636.218314][   T52] hub 2-1:0.0: probe with driver hub failed with error -5
[  636.524552][   T52] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  636.554460][   T52] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[  636.587737][   T52] usb 2-1: USB disconnect, device number 118
[  636.596690][ T5828] usb 1-1: Using ep0 maxpacket: 16
[  636.604177][ T5828] usb 1-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config
[  636.616821][ T5828] usb 1-1: too many endpoints for config 0 interface 0 altsetting 199: 206, using maximum allowed: 30
[  636.630322][T10194] udevd[10194]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  636.646782][ T5881] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  636.660899][ T5828] usb 1-1: config 0 interface 0 altsetting 199 has 0 endpoint descriptors, different from the interface descriptor's value: 206
[  636.717421][ T5828] usb 1-1: config 0 interface 0 has no altsetting 0
[  636.751409][ T5828] usb 1-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  636.806938][T13675] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2680'.
[  636.839697][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.860993][ T5828] usb 1-1: Product: syz
[  636.865598][ T5828] usb 1-1: Manufacturer: syz
[  636.871931][ T5881] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  636.885458][ T5881] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  636.904797][ T5828] usb 1-1: SerialNumber: syz
[  636.910900][ T5881] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  636.930482][ T5828] usb 1-1: config 0 descriptor??
[  636.951759][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.001761][ T5881] usb 4-1: config 0 descriptor??
[  637.017510][ T5881] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  637.025494][ T5881] dvb-usb: bulk message failed: -22 (3/0)
[  637.039706][ T5881] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  637.062010][ T5881] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  637.089319][ T5881] usb 4-1: media controller created
[  637.117016][ T5881] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  637.199246][ T5828] hub 1-1:0.0: bad descriptor, ignoring hub
[  637.212235][ T5828] hub 1-1:0.0: probe with driver hub failed with error -5
[  637.248309][ T5881] dvb-usb: bulk message failed: -22 (6/0)
[  637.264210][ T5828] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  637.293769][ T5881] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  637.332621][ T5881] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input118
[  637.509826][ T5828] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[  637.528065][ T5881] dvb-usb: schedule remote query interval to 150 msecs.
[  637.535080][ T5881] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  637.566832][ T5828] usb 1-1: USB disconnect, device number 116
[  637.650212][T10194] udevd[10194]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  637.695601][ T5881] dvb-usb: bulk message failed: -22 (1/0)
[  637.734906][ T5881] dvb-usb: error while querying for an remote control event.
[  637.925915][ T5881] dvb-usb: bulk message failed: -22 (1/0)
[  638.066470][ T5881] dvb-usb: error while querying for an remote control event.
[  638.362492][ T5881] dvb-usb: bulk message failed: -22 (1/0)
[  638.435289][   T10] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  638.464356][ T5881] dvb-usb: error while querying for an remote control event.
[  638.484914][T13683] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2681'.
[  638.561945][ T5882] usb 4-1: USB disconnect, device number 10
[  638.607645][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  638.698378][ T5882] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  638.708731][   T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  638.757276][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  638.773990][   T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  638.786537][   T10] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  638.805494][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.869098][   T10] usb 3-1: config 0 descriptor??
[  638.943474][ T5881] usb 1-1: new high-speed USB device number 117 using dummy_hcd
[  639.192246][ T5881] usb 1-1: config 0 interface 0 has no altsetting 0
[  639.220499][ T5881] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  639.239386][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.255466][ T5881] usb 1-1: Product: syz
[  639.262777][ T5881] usb 1-1: Manufacturer: syz
[  639.268681][   T10] hdpvr 3-1:0.0: firmware version 0x0 dated 
[  639.280203][ T5881] usb 1-1: SerialNumber: syz
[  639.285953][   T10] hdpvr 3-1:0.0: untested firmware, the driver might not work.
[  639.302300][ T5881] usb 1-1: config 0 descriptor??
[  639.568474][T13686] ip6tnl2: entered promiscuous mode
[  639.658543][ T5883] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  639.672407][T13696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2685'.
[  639.698846][ T5882] usb 1-1: USB disconnect, device number 117
[  639.815252][T13696] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2685'.
[  639.858400][ T5883] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  639.904185][ T5883] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  639.965655][ T5883] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  640.015330][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.076807][ T5883] usb 5-1: config 0 descriptor??
[  640.115015][ T5883] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  640.171802][T13669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  640.183684][T13669] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  640.356407][   T10] hdpvr 3-1:0.0: Could not setup controls
[  640.390266][   T10] hdpvr 3-1:0.0: registering videodev failed
[  640.452222][   T10] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -71
[  640.490478][   T10] usb 3-1: USB disconnect, device number 114
[  640.615523][ T5881] usb 1-1: new full-speed USB device number 118 using dummy_hcd
[  640.787109][ T5881] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  640.841619][ T5881] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  640.869641][ T5881] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  640.882410][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  640.893804][ T5881] usb 1-1: SerialNumber: syz
[  640.904187][T13713] --map-set only usable from mangle table
[  640.929613][ T5881] usb 1-1: 0:2 : does not exist
[  641.144192][T13709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  641.204464][T13709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  641.483164][ T5881] usb 1-1: USB disconnect, device number 118
[  641.505668][ T5882] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  641.692140][ T5882] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  641.781228][ T5882] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  641.813458][ T5882] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  642.041368][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  642.057966][ T5882] usb 3-1: SerialNumber: syz
[  642.058462][T13722] bond0: (slave syz_tun): Releasing backup interface
[  642.105791][T13722] bridge0: port 3(batadv0) entered disabled state
[  642.277011][T13722] bridge_slave_0: left allmulticast mode
[  642.284863][T13722] bridge_slave_0: left promiscuous mode
[  642.295124][T13722] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.394643][T13722] bridge_slave_1: left allmulticast mode
[  642.449638][T13722] bridge_slave_1: left promiscuous mode
[  642.465888][ T5881] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  642.498480][T13722] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.556083][T13722] bond0: (slave bond_slave_0): Releasing backup interface
[  642.616096][T13722] bond0: (slave bond_slave_1): Releasing backup interface
[  642.625855][ T5828] usb 1-1: new full-speed USB device number 119 using dummy_hcd
[  642.671255][ T5881] usb 2-1: Using ep0 maxpacket: 32
[  642.738263][ T5881] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  642.756166][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.766518][T13722] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  642.766915][T13722] batman_adv: batadv0: Removing interface: batadv_slave_0
[  642.799598][T13722] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  642.818901][ T5881] usb 2-1: config 0 descriptor??
[  642.827623][T13722] batman_adv: batadv0: Removing interface: batadv_slave_1
[  642.839466][ T5828] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  642.881127][   T10] usb 5-1: USB disconnect, device number 105
[  642.884145][ T5828] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  642.899810][ T5881] as10x_usb: device has been detected
[  642.916885][ T5881] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  642.934635][ T5828] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  642.971351][ T5828] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.001885][ T5881] usb 2-1: DVB: registering adapter 3 frontend 0 (nBox DVB-T Dongle)...
[  643.012987][ T5828] usb 1-1: config 0 descriptor??
[  643.035091][ T5828] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  643.102937][ T5828] dvb-usb: bulk message failed: -22 (3/0)
[  643.146160][ T5828] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  643.195966][   T52] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  643.209229][T13722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.227244][T13722] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.229567][ T5828] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  643.243041][ T5882] usb 3-1: 0:2 : does not exist
[  643.261437][ T5881] as10x_usb: error during firmware upload part1
[  643.291637][ T5881] Registered device nBox DVB-T Dongle
[  643.303276][ T5828] usb 1-1: media controller created
[  643.315803][ T5828] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  643.333179][ T5828] dvb-usb: bulk message failed: -22 (6/0)
[  643.343082][ T5828] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  643.363838][ T5828] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input119
[  643.375407][   T52] usb 4-1: Using ep0 maxpacket: 8
[  643.387519][   T52] usb 4-1: unable to get BOS descriptor or descriptor too short
[  643.397907][ T5828] dvb-usb: schedule remote query interval to 150 msecs.
[  643.433254][ T5882] usb 3-1: USB disconnect, device number 115
[  643.443935][ T5828] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  643.455425][   T10] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  643.473963][   T52] usb 4-1: config 11 has an invalid interface number: 244 but max is 0
[  643.503740][ T5881] usb 2-1: USB disconnect, device number 119
[  643.517225][   T52] usb 4-1: config 11 has no interface number 0
[  643.525006][   T52] usb 4-1: config 11 interface 244 altsetting 5 endpoint 0x3 has invalid wMaxPacketSize 0
[  643.570901][T10194] udevd[10194]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  643.587993][   T52] usb 4-1: config 11 interface 244 has no altsetting 0
[  643.598006][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  643.604303][ T5828] dvb-usb: error while querying for an remote control event.
[  643.673479][   T52] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=57.8a
[  643.717184][ T5881] Unregistered device nBox DVB-T Dongle
[  643.718335][   T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.731843][   T10] usb 5-1: config 0 has an invalid interface number: 11 but max is 8
[  643.738311][ T5881] as10x_usb: device has been disconnected
[  643.750717][   T52] usb 4-1: Product: syz
[  643.754950][   T52] usb 4-1: Manufacturer: syz
[  643.760066][   T52] usb 4-1: SerialNumber: syz
[  643.788411][   T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  643.853239][   T10] usb 5-1: config 0 has no interface number 0
[  643.855380][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  643.887969][ T5828] dvb-usb: error while querying for an remote control event.
[  643.897661][   T10] usb 5-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  643.941237][   T10] usb 5-1: config 0 interface 11 has no altsetting 0
[  643.961877][   T10] usb 5-1: New USB device found, idVendor=06cd, idProduct=012a, bcdDevice=d5.1b
[  643.995993][   T52] usb 4-1: USB disconnect, device number 11
[  644.034282][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.055497][ T5881] dvb-usb: bulk message failed: -22 (1/0)
[  644.061401][ T5881] dvb-usb: error while querying for an remote control event.
[  644.119591][   T10] usb 5-1: config 0 descriptor??
[  644.149367][   T10] keyspan 5-1:0.11: Keyspan 4 port adapter converter detected
[  644.188199][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 81
[  644.198072][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 1
[  644.210461][   T10] usb 5-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  644.225781][   T52] dvb-usb: bulk message failed: -22 (1/0)
[  644.232254][   T52] dvb-usb: error while querying for an remote control event.
[  644.270012][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 82
[  644.285333][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 2
[  644.297092][   T10] usb 5-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  644.386401][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 83
[  644.403949][T13731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.424184][   T52] dvb-usb: bulk message failed: -22 (1/0)
[  644.479397][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 3
[  644.500128][T13731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.509135][   T52] dvb-usb: error while querying for an remote control event.
[  644.677542][   T52] dvb-usb: bulk message failed: -22 (1/0)
[  644.702345][   T10] usb 5-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  644.719439][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 84
[  644.731727][   T10] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 4
[  644.751660][   T10] usb 5-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  644.925461][T13743] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2700'.
[  644.937831][   T52] dvb-usb: error while querying for an remote control event.
[  645.115996][   T52] dvb-usb: bulk message failed: -22 (1/0)
[  645.121842][   T52] dvb-usb: error while querying for an remote control event.
[  645.329614][   T52] dvb-usb: bulk message failed: -22 (1/0)
[  645.335505][   T52] dvb-usb: error while querying for an remote control event.
[  645.497007][   T52] dvb-usb: bulk message failed: -22 (1/0)
[  645.517591][   T52] dvb-usb: error while querying for an remote control event.
[  645.542786][ T5883] usb 1-1: USB disconnect, device number 119
[  645.613487][ T5883] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  645.755547][   T10] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  645.875671][   T52] usb 3-1: new full-speed USB device number 116 using dummy_hcd
[  645.910155][   T10] usb 4-1: config 5 has an invalid interface number: 159 but max is 1
[  645.919343][   T10] usb 4-1: config 5 has no interface number 1
[  645.925656][   T10] usb 4-1: config 5 interface 159 has no altsetting 0
[  645.942682][   T10] usb 4-1: New USB device found, idVendor=0582, idProduct=0004, bcdDevice=6b.64
[  645.952160][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.960550][   T10] usb 4-1: Product: syz
[  645.964863][   T10] usb 4-1: Manufacturer: syz
[  645.969959][   T10] usb 4-1: SerialNumber: syz
[  645.995343][ T5883] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[  646.055536][   T52] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  646.073509][   T52] usb 3-1: config 0 has no interface number 0
[  646.083115][ T5881] usb 5-1: USB disconnect, device number 106
[  646.094207][   T52] usb 3-1: config 0 interface 41 has no altsetting 0
[  646.113328][ T5881] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  646.133171][   T52] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  646.149093][ T5883] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  646.149654][ T5881] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  646.168187][   T52] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.178220][   T52] usb 3-1: Product: syz
[  646.180779][ T5882] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  646.183195][   T52] usb 3-1: Manufacturer: syz
[  646.199087][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.204200][   T52] usb 3-1: SerialNumber: syz
[  646.214122][ T5881] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  646.231700][ T5883] usb 1-1: config 0 descriptor??
[  646.252521][   T52] usb 3-1: config 0 descriptor??
[  646.266749][ T5881] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  646.355005][ T5881] keyspan 5-1:0.11: device disconnected
[  646.378262][ T5882] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  646.389996][ T5882] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  646.432401][ T5882] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  646.463605][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.500180][ T5882] usb 2-1: config 0 descriptor??
[  646.514874][ T5882] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  646.708723][ T5881] usb 5-1: new full-speed USB device number 107 using dummy_hcd
[  646.734706][T13764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.766941][T13764] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.913344][ T5881] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  646.927407][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.954303][ T5881] usb 5-1: config 0 descriptor??
[  646.993425][ T5881] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  647.181335][ T5881] gp8psk: usb in 128 operation failed.
[  647.318738][   T52] CoreChips 3-1:0.41: probe with driver CoreChips failed with error -71
[  647.354404][   T52] usb 3-1: USB disconnect, device number 116
[  647.420666][ T5881] gp8psk: usb in 146 operation failed.
[  647.447367][ T5881] gp8psk: failed to get FW version
[  647.462465][ T5881] gp8psk: FPGA Version = 230
[  648.274753][ T5883] pegasus 1-1:0.0: probe with driver pegasus failed with error -110
[  648.594621][   T10] usb 4-1: USB disconnect, device number 12
[  648.619386][T13773] program syz.3.2710 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  648.691930][T10194] udevd[10194]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:5.159/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  648.872944][ T5883] usb 2-1: USB disconnect, device number 120
[  648.910168][   T52] usb 1-1: USB disconnect, device number 120
[  649.259539][T13787] misc userio: Can't change port type on an already running userio instance
[  649.333212][T13789] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2716'.
[  649.375636][ T5883] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  649.530316][ T5881] gp8psk: usb in 138 operation failed.
[  649.567937][ T5883] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  649.580033][ T5881] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  649.603414][ T5883] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  649.623545][ T5881] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  649.647478][ T5883] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  649.669056][ T5881] usb 5-1: USB disconnect, device number 107
[  649.681850][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.714335][ T5883] usb 4-1: config 0 descriptor??
[  649.722700][T13795] FAULT_INJECTION: forcing a failure.
[  649.722700][T13795] name failslab, interval 1, probability 0, space 0, times 0
[  649.739707][T13795] CPU: 0 UID: 0 PID: 13795 Comm: syz.0.2719 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  649.739743][T13795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  649.739757][T13795] Call Trace:
[  649.739767][T13795]  <TASK>
[  649.739777][T13795]  dump_stack_lvl+0x189/0x250
[  649.739815][T13795]  ? __pfx_dump_stack_lvl+0x10/0x10
[  649.739845][T13795]  ? __pfx__printk+0x10/0x10
[  649.739871][T13795]  ? __pfx___might_resched+0x10/0x10
[  649.739896][T13795]  should_fail_ex+0x414/0x560
[  649.739922][T13795]  should_failslab+0xa8/0x100
[  649.739950][T13795]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  649.739978][T13795]  ? __alloc_skb+0x112/0x2d0
[  649.740006][T13795]  __alloc_skb+0x112/0x2d0
[  649.740034][T13795]  netlink_sendmsg+0x5c6/0xb30
[  649.740068][T13795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.740094][T13795]  ? __import_iovec+0x5d4/0x7f0
[  649.740120][T13795]  ? aa_sock_msg_perm+0x94/0x160
[  649.740145][T13795]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  649.740168][T13795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  649.740192][T13795]  __sock_sendmsg+0x219/0x270
[  649.740215][T13795]  ____sys_sendmsg+0x505/0x830
[  649.740248][T13795]  ? __pfx_____sys_sendmsg+0x10/0x10
[  649.740288][T13795]  ___sys_sendmsg+0x21f/0x2a0
[  649.740318][T13795]  ? __pfx____sys_sendmsg+0x10/0x10
[  649.740383][T13795]  ? __fget_files+0x2a/0x420
[  649.740408][T13795]  ? __fget_files+0x3a0/0x420
[  649.740445][T13795]  __sys_sendmsg+0x164/0x220
[  649.740474][T13795]  ? __pfx___sys_sendmsg+0x10/0x10
[  649.740525][T13795]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  649.740553][T13795]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.740579][T13795]  __do_fast_syscall_32+0xb4/0x110
[  649.740607][T13795]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.740634][T13795]  do_fast_syscall_32+0x34/0x80
[  649.740660][T13795]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  649.740685][T13795] RIP: 0023:0xf7f11539
[  649.740702][T13795] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  649.740721][T13795] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  649.740743][T13795] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  649.740758][T13795] RDX: 0000000000068000 RSI: 0000000000000000 RDI: 0000000000000000
[  649.740771][T13795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  649.740783][T13795] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  649.740794][T13795] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  649.740824][T13795]  </TASK>
[  649.744098][ T5883] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  650.110860][ T5883] dvb-usb: bulk message failed: -22 (3/0)
[  650.126648][ T5883] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  650.136855][ T5883] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  650.144826][ T5883] usb 4-1: media controller created
[  650.162984][ T5883] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  650.288764][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  650.288829][   T30] audit: type=1326 audit(1746798594.166:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17558 code=0x7ffc0000
[  650.369832][T13803] bridge_slave_0: left allmulticast mode
[  650.376693][T13803] bridge_slave_0: left promiscuous mode
[  650.383155][T13803] bridge0: port 1(bridge_slave_0) entered disabled state
[  650.392971][   T30] audit: type=1326 audit(1746798594.166:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17558 code=0x7ffc0000
[  650.424391][   T30] audit: type=1326 audit(1746798594.166:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17539 code=0x7ffc0000
[  650.449884][   T30] audit: type=1326 audit(1746798594.166:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17539 code=0x7ffc0000
[  650.451653][ T5883] dvb-usb: bulk message failed: -22 (6/0)
[  650.500500][T13803] bridge_slave_1: left allmulticast mode
[  650.565570][   T30] audit: type=1326 audit(1746798594.176:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17558 code=0x7ffc0000
[  650.569106][T13803] bridge_slave_1: left promiscuous mode
[  650.591956][    C1] vkms_vblank_simulate: vblank timer overrun
[  650.592419][   T30] audit: type=1326 audit(1746798594.176:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17558 code=0x7ffc0000
[  650.627418][    C1] vkms_vblank_simulate: vblank timer overrun
[  650.634395][ T5883] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  650.642560][T13803] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.664469][ T5883] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input121
[  650.693408][ T5883] dvb-usb: schedule remote query interval to 150 msecs.
[  650.708198][ T5883] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  650.786180][T13803] bond0: (slave bond_slave_0): Releasing backup interface
[  650.807846][T13803] bond0: (slave bond_slave_1): Releasing backup interface
[  650.820691][   T30] audit: type=1326 audit(1746798594.176:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=138 compat=1 ip=0xf7f17539 code=0x7ffc0000
[  650.843379][    C1] vkms_vblank_simulate: vblank timer overrun
[  650.852029][   T30] audit: type=1326 audit(1746798594.176:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f17558 code=0x7ffc0000
[  650.875991][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  650.883821][   T10] dvb-usb: error while querying for an remote control event.
[  650.883843][   T30] audit: type=1326 audit(1746798594.176:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17539 code=0x7ffc0000
[  650.914600][   T30] audit: type=1326 audit(1746798594.176:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13797 comm="syz.1.2721" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17539 code=0x7ffc0000
[  650.978792][T13803] team0: Port device team_slave_0 removed
[  651.086745][T13803] team0: Port device team_slave_1 removed
[  651.125316][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  651.142887][T13803] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  651.155451][   T10] dvb-usb: error while querying for an remote control event.
[  651.248481][T13803] batman_adv: batadv0: Removing interface: batadv_slave_0
[  651.320796][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  651.335318][   T10] dvb-usb: error while querying for an remote control event.
[  651.374799][T13803] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  651.406404][T13803] batman_adv: batadv0: Removing interface: batadv_slave_1
[  651.515763][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  651.539675][   T10] dvb-usb: error while querying for an remote control event.
[  651.738520][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  651.878948][   T10] dvb-usb: error while querying for an remote control event.
[  652.205651][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  652.211662][   T10] dvb-usb: error while querying for an remote control event.
[  652.220311][ T5883] usb 4-1: USB disconnect, device number 13
[  652.284707][ T5883] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  652.322504][T13833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2730'.
[  652.357103][T13833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2730'.
[  652.400968][   T52] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  652.416602][T13833] input: syz1 as /devices/virtual/input/input122
[  652.614289][   T52] usb 2-1: Using ep0 maxpacket: 32
[  652.667480][   T52] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  652.720123][T13843] bridge3: entered promiscuous mode
[  652.749654][   T52] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  652.800818][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.861492][   T52] usb 2-1: Product: syz
[  652.872212][   T52] usb 2-1: Manufacturer: syz
[  652.898096][   T52] usb 2-1: SerialNumber: syz
[  652.940235][   T52] usb 2-1: config 0 descriptor??
[  652.964766][   T52] usb 2-1: bad CDC descriptors
[  653.010875][   T52] usb 2-1: unsupported MDLM descriptors
[  653.206773][ T5828] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  653.223324][   T10] usb 2-1: USB disconnect, device number 121
[  653.360463][T13857] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2735'.
[  653.412109][ T5828] usb 3-1: config 0 has an invalid interface number: 94 but max is 0
[  653.431237][ T5828] usb 3-1: config 0 has no interface number 0
[  653.440910][ T5828] usb 3-1: config 0 interface 94 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0
[  653.452555][ T5828] usb 3-1: config 0 interface 94 altsetting 5 bulk endpoint 0x2 has invalid maxpacket 0
[  653.463352][ T5828] usb 3-1: config 0 interface 94 altsetting 5 has an endpoint descriptor with address 0x69, changing to 0x9
[  653.500765][ T5828] usb 3-1: config 0 interface 94 altsetting 5 endpoint 0x9 has invalid wMaxPacketSize 0
[  653.512138][ T5828] usb 3-1: config 0 interface 94 has no altsetting 0
[  653.523425][ T5828] usb 3-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2f.16
[  653.534301][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=50, SerialNumber=157
[  653.543062][ T5828] usb 3-1: Product: syz
[  653.547882][ T5828] usb 3-1: Manufacturer: syz
[  653.552660][ T5828] usb 3-1: SerialNumber: syz
[  653.563614][ T5828] usb 3-1: config 0 descriptor??
[  653.581428][ T5828] kvaser_usb 3-1:0.94: error -ENODEV: Cannot get usb endpoint(s)
[  653.655308][   T10] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[  653.785526][   T10] usb 1-1: device descriptor read/64, error -71
[  653.977635][T13866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2738'.
[  654.025322][   T10] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[  654.185997][   T10] usb 1-1: device descriptor read/64, error -71
[  654.306259][   T10] usb usb1-port1: attempt power cycle
[  654.365457][ T5883] usb 5-1: new full-speed USB device number 109 using dummy_hcd
[  654.532317][T13876] FAULT_INJECTION: forcing a failure.
[  654.532317][T13876] name failslab, interval 1, probability 0, space 0, times 0
[  654.536859][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  654.555236][T13876] CPU: 1 UID: 0 PID: 13876 Comm: syz.1.2743 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  654.555265][T13876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  654.555278][T13876] Call Trace:
[  654.555286][T13876]  <TASK>
[  654.555296][T13876]  dump_stack_lvl+0x189/0x250
[  654.555334][T13876]  ? __pfx_dump_stack_lvl+0x10/0x10
[  654.555364][T13876]  ? __pfx__printk+0x10/0x10
[  654.555392][T13876]  ? ref_tracker_alloc+0x318/0x460
[  654.555418][T13876]  should_fail_ex+0x414/0x560
[  654.555443][T13876]  should_failslab+0xa8/0x100
[  654.555472][T13876]  kmem_cache_alloc_noprof+0x73/0x3c0
[  654.555497][T13876]  ? skb_clone+0x212/0x3a0
[  654.555531][T13876]  skb_clone+0x212/0x3a0
[  654.555563][T13876]  __netlink_deliver_tap+0x404/0x850
[  654.555598][T13876]  ? netlink_deliver_tap+0x2e/0x1b0
[  654.555621][T13876]  netlink_deliver_tap+0x19c/0x1b0
[  654.555643][T13876]  netlink_unicast+0x72f/0x8d0
[  654.555675][T13876]  netlink_sendmsg+0x805/0xb30
[  654.555708][T13876]  ? __pfx_netlink_sendmsg+0x10/0x10
[  654.555734][T13876]  ? __import_iovec+0x5d4/0x7f0
[  654.555759][T13876]  ? aa_sock_msg_perm+0x94/0x160
[  654.555783][T13876]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  654.555805][T13876]  ? __pfx_netlink_sendmsg+0x10/0x10
[  654.555829][T13876]  __sock_sendmsg+0x219/0x270
[  654.555852][T13876]  ____sys_sendmsg+0x505/0x830
[  654.555885][T13876]  ? __pfx_____sys_sendmsg+0x10/0x10
[  654.555930][T13876]  ___sys_sendmsg+0x21f/0x2a0
[  654.555957][ T5883] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  654.555970][T13876]  ? __pfx____sys_sendmsg+0x10/0x10
[  654.556033][T13876]  ? __fget_files+0x2a/0x420
[  654.556060][T13876]  ? __fget_files+0x3a0/0x420
[  654.556101][T13876]  __sys_sendmsg+0x164/0x220
[  654.556134][T13876]  ? __pfx___sys_sendmsg+0x10/0x10
[  654.556179][T13876]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  654.556206][T13876]  ? lockdep_hardirqs_on+0x9c/0x150
[  654.556230][T13876]  __do_fast_syscall_32+0xb4/0x110
[  654.556258][T13876]  ? lockdep_hardirqs_on+0x9c/0x150
[  654.556288][T13876]  do_fast_syscall_32+0x34/0x80
[  654.556316][T13876]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  654.556342][T13876] RIP: 0023:0xf7f17539
[  654.556363][T13876] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  654.556382][T13876] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  654.556405][T13876] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  654.556420][T13876] RDX: 0000000000040020 RSI: 0000000000000000 RDI: 0000000000000000
[  654.556434][T13876] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  654.556448][T13876] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  654.556460][T13876] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  654.556492][T13876]  </TASK>
[  654.852782][ T5883] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  654.862034][ T5883] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  654.871450][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.905280][   T10] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[  654.923590][ T5883] usb 5-1: config 0 descriptor??
[  654.936135][   T10] usb 1-1: device descriptor read/8, error -71
[  654.949304][ T5883] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  654.957668][ T5883] dvb-usb: bulk message failed: -22 (3/0)
[  654.965760][ T5881] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  654.988764][ T5883] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  654.997359][    T9] usb 4-1: Using ep0 maxpacket: 32
[  655.004215][ T5883] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  655.011580][ T5883] usb 5-1: media controller created
[  655.018157][    T9] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  655.029641][ T5883] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  655.038442][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.061782][    T9] usb 4-1: config 0 descriptor??
[  655.068274][ T5883] dvb-usb: bulk message failed: -22 (6/0)
[  655.087504][ T5883] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  655.095750][    T9] gspca_main: sq930x-2.14.0 probing 041e:403c
[  655.116879][ T5883] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input123
[  655.135625][ T5881] usb 2-1: Using ep0 maxpacket: 16
[  655.148496][ T5883] dvb-usb: schedule remote query interval to 150 msecs.
[  655.159585][ T5881] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  655.165564][ T5883] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  655.195574][   T10] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  655.205704][ T5881] usb 2-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config
[  655.216844][ T5881] usb 2-1: config 0 has no interface number 0
[  655.269754][ T5881] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  655.303478][   T10] usb 1-1: device descriptor read/8, error -71
[  655.314762][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.340428][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  655.349344][ T5883] dvb-usb: error while querying for an remote control event.
[  655.385436][ T5881] usb 2-1: Product: syz
[  655.389779][ T5881] usb 2-1: Manufacturer: syz
[  655.394511][ T5881] usb 2-1: SerialNumber: syz
[  655.406449][ T5881] usb 2-1: config 0 descriptor??
[  655.419185][ T5881] usb 2-1: Found UVC 0.00 device syz (046d:08f3)
[  655.426016][ T5881] usb 2-1: No valid video chain found.
[  655.445537][   T10] usb usb1-port1: unable to enumerate USB device
[  655.535692][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  655.541692][ T5883] dvb-usb: error while querying for an remote control event.
[  655.655730][T13878] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2744'.
[  655.696757][T13878] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  655.741518][T13878] netlink: 'syz.1.2744': attribute type 10 has an invalid length.
[  655.774743][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  655.813304][   T10] dvb-usb: error while querying for an remote control event.
[  655.933875][   T10] usb 2-1: USB disconnect, device number 122
[  655.940270][    T9] gspca_sq930x: reg_w 0105 bf00 failed -71
[  656.025665][    T9] sq930x 4-1:0.0: probe with driver sq930x failed with error -71
[  656.051824][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  656.096889][ T5883] dvb-usb: error while querying for an remote control event.
[  656.157424][    T9] usb 4-1: USB disconnect, device number 14
[  656.203544][ T5883] usb 3-1: USB disconnect, device number 117
[  656.355484][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  656.410027][   T10] dvb-usb: error while querying for an remote control event.
[  656.486209][ T5828] usb 5-1: USB disconnect, device number 109
[  656.551561][ T5828] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  657.585129][T13911] bridge_slave_0: left allmulticast mode
[  657.594088][T13911] bridge_slave_0: left promiscuous mode
[  657.622245][T13911] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.644704][T13911] bridge_slave_1: left allmulticast mode
[  657.672787][ T5883] hid (null): unknown global tag 0xd
[  657.679010][ T5883] hid (null): unknown global tag 0xc
[  657.698750][ T5883] hid-generic 0003:0002:0004.0012: reserved main item tag 0xd
[  657.703588][T13911] bridge_slave_1: left promiscuous mode
[  657.711482][ T5883] hid-generic 0003:0002:0004.0012: unknown global tag 0xd
[  657.724278][ T5883] hid-generic 0003:0002:0004.0012: item 0 4 1 13 parsing failed
[  657.733233][T13911] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.749229][ T5883] hid-generic 0003:0002:0004.0012: probe with driver hid-generic failed with error -22
[  657.903781][T13911] team0: Port device team_slave_0 removed
[  657.934593][T13911] team0: Port device team_slave_1 removed
[  657.959830][T13911] bond0: (slave gretap1): Releasing active interface
[  658.287107][T13923] raw_sendmsg: syz.0.2757 forgot to set AF_INET. Fix it!
[  658.495264][ T5881] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  658.545664][ T5883] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[  658.685232][ T5881] usb 5-1: Using ep0 maxpacket: 16
[  658.695664][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.720089][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  658.795359][ T5883] usb 1-1: Using ep0 maxpacket: 32
[  658.945647][ T5883] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  658.964640][ T5883] usb 1-1: config 0 has no interface number 0
[  658.998875][ T5883] usb 1-1: config 0 interface 12 has no altsetting 0
[  659.177572][ T5883] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  659.213481][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.233536][ T5883] usb 1-1: Product: syz
[  659.254534][ T5883] usb 1-1: Manufacturer: syz
[  659.326601][ T5881] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  659.339514][ T5883] usb 1-1: SerialNumber: syz
[  659.356989][ T5883] usb 1-1: config 0 descriptor??
[  659.395529][ T5881] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  659.404648][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.428076][ T5881] usb 5-1: config 0 descriptor??
[  659.449529][ T5881] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input124
[  659.487428][ T5184] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.512276][ T5184] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.566018][ T5184] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.599806][ T6419] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.605743][    T9] usb 3-1: new full-speed USB device number 118 using dummy_hcd
[  659.628461][ T5184] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  659.647781][ T5889] usb 5-1: USB disconnect, device number 110
[  659.665976][T13944] misc userio: Can't change port type on an already running userio instance
[  659.778179][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.815787][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  659.824955][    T9] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  659.839992][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.871549][    T9] usb 3-1: config 0 descriptor??
[  659.897905][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  659.926083][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  659.948986][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  659.976536][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  659.994252][    T9] usb 3-1: media controller created
[  660.007632][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  660.031268][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  660.045324][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  660.060891][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input126
[  660.077252][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  660.084744][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  660.235479][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  660.282743][    T9] dvb-usb: error while querying for an remote control event.
[  660.302113][T13951] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2766'.
[  660.423261][T13956] xt_NFQUEUE: number of total queues is 0
[  660.495904][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  660.518248][    T9] dvb-usb: error while querying for an remote control event.
[  660.555783][ T5889] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  660.695473][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  660.714797][    T9] dvb-usb: error while querying for an remote control event.
[  660.724484][ T5889] usb 4-1: Using ep0 maxpacket: 8
[  660.736606][ T5889] usb 4-1: config index 0 descriptor too short (expected 18, got 14)
[  660.748759][ T5889] usb 4-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config
[  660.759916][ T5889] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  660.776360][ T5889] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  660.800494][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.815029][ T5889] usb 4-1: Product: syz
[  660.821495][ T5889] usb 4-1: Manufacturer: syz
[  660.828380][ T5889] usb 4-1: SerialNumber: syz
[  660.844697][ T5889] usb 4-1: config 0 descriptor??
[  660.885933][ T5889] dvb-usb: bulk message failed: -22 (1/0)
[  660.933276][ T5889] dvb-usb: error while querying for an remote control event.
[  661.030506][ T5883] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  661.041570][ T5883] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  661.092665][ T5883] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  661.125530][ T5889] dvb-usb: bulk message failed: -22 (1/0)
[  661.161594][ T5883] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[  661.182782][ T5889] dvb-usb: error while querying for an remote control event.
[  661.278537][T13953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.318768][ T5883] usb 1-1: USB disconnect, device number 125
[  661.331310][T13953] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.472728][ T5889] dvb-usb: bulk message failed: -22 (1/0)
[  661.516250][ T5889] dvb-usb: error while querying for an remote control event.
[  661.626341][ T5883] usb 3-1: USB disconnect, device number 118
[  661.687131][ T5883] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  661.977705][ T5881] usb 4-1: USB disconnect, device number 15
[  662.045538][ T5889] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[  662.088702][ T5831] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  662.090682][T13975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2775'.
[  662.135739][T13975] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[  662.147826][T13975] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[  662.202151][T13968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.215843][T13968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.495677][ T5881] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[  662.666013][ T5881] usb 2-1: Using ep0 maxpacket: 8
[  662.687244][ T5881] usb 2-1: config 135 has an invalid interface number: 230 but max is 0
[  662.725334][ T5881] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  662.774129][ T5881] usb 2-1: config 135 has no interface number 0
[  662.799099][ T5881] usb 2-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  662.865347][ T5881] usb 2-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  662.895268][ T5828] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  662.918267][ T5881] usb 2-1: config 135 interface 230 has no altsetting 0
[  662.932617][T13988] IPv6: NLM_F_REPLACE set, but no existing node found!
[  662.943320][ T5881] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  662.955817][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.993863][ T5881] usb 2-1: Product: syz
[  663.018240][ T5881] usb 2-1: Manufacturer: syz
[  663.023547][ T5881] usb 2-1: SerialNumber: syz
[  663.065021][ T5881] usb 2-1: Found UVC 0.00 device syz (18ec:3288)
[  663.065062][ T5881] usb 2-1: No valid video chain found.
[  663.075421][ T5828] usb 5-1: Using ep0 maxpacket: 8
[  663.087229][ T5828] usb 5-1: config 0 has an invalid interface number: 10 but max is 0
[  663.087261][ T5828] usb 5-1: config 0 has no interface number 0
[  663.092708][ T5828] usb 5-1: New USB device found, idVendor=20b9, idProduct=1682, bcdDevice=5d.1d
[  663.092743][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.092765][ T5828] usb 5-1: Product: syz
[  663.092782][ T5828] usb 5-1: Manufacturer: syz
[  663.092798][ T5828] usb 5-1: SerialNumber: syz
[  663.096705][ T5828] usb 5-1: config 0 descriptor??
[  663.104372][ T5828] option 5-1:0.10: GSM modem (1-port) converter detected
[  663.252085][ T5828] usb 2-1: USB disconnect, device number 123
[  663.307746][ T5881] usb 5-1: USB disconnect, device number 111
[  663.309284][ T5881] option 5-1:0.10: device disconnected
[  664.495651][ T5828] usb 2-1: new full-speed USB device number 124 using dummy_hcd
[  664.535820][T14018] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2790'.
[  664.545086][T14018] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2790'.
[  664.808584][ T5828] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  664.825401][ T5828] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  664.834559][ T5828] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  664.894287][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.909517][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  664.909537][   T30] audit: type=1326 audit(1746798608.796:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  664.938000][    C1] vkms_vblank_simulate: vblank timer overrun
[  664.960784][ T5828] usb 2-1: config 0 descriptor??
[  665.006923][   T30] audit: type=1326 audit(1746798608.796:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  665.033984][   T30] audit: type=1326 audit(1746798608.806:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  665.056853][    C1] vkms_vblank_simulate: vblank timer overrun
[  665.063863][ T5828] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  665.078725][ T5828] dvb-usb: bulk message failed: -22 (3/0)
[  665.103438][ T5828] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  665.126158][ T5828] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  665.135581][ T5889] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  665.153696][ T5828] usb 2-1: media controller created
[  665.163848][   T30] audit: type=1326 audit(1746798608.806:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  665.186857][    C1] vkms_vblank_simulate: vblank timer overrun
[  665.195688][ T5828] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  665.244238][ T5828] dvb-usb: bulk message failed: -22 (6/0)
[  665.265473][   T30] audit: type=1326 audit(1746798608.806:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  665.287496][    C1] vkms_vblank_simulate: vblank timer overrun
[  665.335303][ T5828] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  665.343800][ T5889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  665.355523][ T5889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  665.365788][   T30] audit: type=1326 audit(1746798608.806:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  665.389580][   T30] audit: type=1326 audit(1746798608.806:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  665.414431][ T5889] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  665.423828][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.436818][ T5828] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input127
[  665.450837][   T30] audit: type=1326 audit(1746798608.806:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14020 comm="syz.2.2791" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd4539 code=0x7ffc0000
[  665.486518][ T5828] dvb-usb: schedule remote query interval to 150 msecs.
[  665.493551][ T5828] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  665.505381][ T5889] usb 5-1: Product: syz
[  665.517855][ T5889] usb 5-1: Manufacturer: syz
[  665.530393][ T5889] usb 5-1: SerialNumber: syz
[  665.582790][ T5889] usb 5-1: config 0 descriptor??
[  665.594521][ T5889] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  665.601099][ T5889] usb 5-1: No valid video chain found.
[  665.654170][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  665.710595][ T5828] dvb-usb: error while querying for an remote control event.
[  665.797340][T14024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.903449][T14024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.905424][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  665.917059][ T5828] dvb-usb: error while querying for an remote control event.
[  665.994006][T14024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.014820][T14024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.061880][T14024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2792'.
[  666.075338][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  666.111694][ T5889] usb 5-1: USB disconnect, device number 112
[  666.126584][ T5828] dvb-usb: error while querying for an remote control event.
[  666.285263][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  666.291132][ T5828] dvb-usb: error while querying for an remote control event.
[  666.299982][T14038] IPv6: NLM_F_REPLACE set, but no existing node found!
[  666.510371][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  666.530588][ T5828] dvb-usb: error while querying for an remote control event.
[  666.705252][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  666.739375][ T5828] dvb-usb: error while querying for an remote control event.
[  667.055275][ T5828] dvb-usb: bulk message failed: -22 (1/0)
[  667.076700][ T5828] dvb-usb: error while querying for an remote control event.
[  667.096043][ T5889] usb 2-1: USB disconnect, device number 124
[  667.238084][   T30] audit: type=1326 audit(1746798611.116:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14044 comm="syz.3.2801" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de539 code=0x0
[  667.286589][T14048] dlm: no locking on control device
[  667.288705][ T5889] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  667.472382][T14028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.499348][T14028] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.635294][    T9] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  667.680908][ T5828] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[  668.090945][T14057] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  668.106569][    T9] usb 5-1: Using ep0 maxpacket: 8
[  668.133941][T14057] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  668.157529][    T9] usb 5-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9
[  668.180040][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.195299][T14057] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  668.213111][    T9] usb 5-1: config 0 descriptor??
[  668.442075][    T9] usblcd 5-1:0.0: USBLCD model not supported.
[  668.502264][T14068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2806'.
[  668.695307][ T5881] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  668.855450][ T5881] usb 1-1: Using ep0 maxpacket: 8
[  668.863199][ T5881] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  668.879382][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  669.002928][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  669.056721][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  669.205937][ T5881] usb 1-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  669.221008][T14081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2808'.
[  669.235345][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.385967][ T5881] usb 1-1: config 0 descriptor??
[  669.725425][ T5828] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  669.821187][ T5881] redragon 0003:0C45:760B.0013: unknown main item tag 0x6
[  669.839293][ T5881] redragon 0003:0C45:760B.0013: item fetching failed at offset 7/133
[  669.860162][ T5881] redragon 0003:0C45:760B.0013: probe with driver redragon failed with error -22
[  669.901227][ T5828] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  669.963431][ T5828] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC3, changing to 0x83
[  670.016915][T14062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.059687][T14062] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.075348][ T5828] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 23094, setting to 64
[  670.124091][   T10] usb 1-1: USB disconnect, device number 127
[  670.125237][ T5828] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  670.180670][    T9] usb 5-1: USB disconnect, device number 113
[  670.230408][ T5828] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  670.276590][ T5828] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  670.286221][ T5828] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  670.303492][ T5828] usb 4-1: Manufacturer: syz
[  670.340349][ T5828] usb 4-1: config 0 descriptor??
[  670.631099][T14081] netlink: 'syz.3.2808': attribute type 11 has an invalid length.
[  670.665403][   T10] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[  670.731716][T14081] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.2808'.
[  670.780858][T14095] xt_NFQUEUE: number of total queues is 0
[  670.791675][ T5828] usb 4-1: USB disconnect, device number 16
[  670.878288][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  670.895512][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  670.912119][   T10] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  670.927070][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.941554][   T10] usb 3-1: Product: syz
[  670.960619][   T10] usb 3-1: Manufacturer: syz
[  670.975551][   T10] usb 3-1: SerialNumber: syz
[  670.986548][   T10] usb 3-1: config 0 descriptor??
[  671.000006][   T10] usb 3-1: Found UVC 0.00 device syz (18ec:3288)
[  671.008205][   T10] usb 3-1: No valid video chain found.
[  671.185396][    T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  671.265529][T14088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  671.277246][T14088] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  671.291811][T14088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  671.375838][T14088] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  671.399819][T14088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2810'.
[  671.437712][ T5889] usb 3-1: USB disconnect, device number 120
[  671.468387][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  671.487443][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  671.515549][    T9] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  671.541500][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.565571][    T9] usb 1-1: config 0 descriptor??
[  671.587416][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  671.623175][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  671.662463][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  671.692630][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  671.785307][    T9] usb 1-1: media controller created
[  671.792998][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  671.804561][T14106] xt_NFQUEUE: number of total queues is 0
[  671.924170][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  671.924232][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  672.003472][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input128
[  672.021307][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  672.021329][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  672.185953][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  672.185994][    T9] dvb-usb: error while querying for an remote control event.
[  672.485747][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  672.485787][    T9] dvb-usb: error while querying for an remote control event.
[  672.655682][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  672.655862][    T9] dvb-usb: error while querying for an remote control event.
[  672.784865][T14114] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2817'.
[  672.815323][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  672.815353][    T9] dvb-usb: error while querying for an remote control event.
[  672.975337][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  672.984818][    T9] dvb-usb: error while querying for an remote control event.
[  673.155480][ T5889] dvb-usb: bulk message failed: -22 (1/0)
[  673.163723][ T5889] dvb-usb: error while querying for an remote control event.
[  673.365590][ T5889] dvb-usb: bulk message failed: -22 (1/0)
[  673.382163][ T5889] dvb-usb: error while querying for an remote control event.
[  673.390146][    T9] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  673.565420][ T5889] dvb-usb: bulk message failed: -22 (1/0)
[  673.589922][ T5889] dvb-usb: error while querying for an remote control event.
[  673.885277][ T5889] dvb-usb: bulk message failed: -22 (1/0)
[  673.891320][ T5889] dvb-usb: error while querying for an remote control event.
[  673.904140][   T10] usb 1-1: USB disconnect, device number 2
[  673.953837][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  673.966611][T14101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  674.010117][T14101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  674.755421][   T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  674.935535][   T10] usb 1-1: Using ep0 maxpacket: 8
[  674.958555][   T10] usb 1-1: config index 0 descriptor too short (expected 18, got 14)
[  675.029443][   T10] usb 1-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config
[  675.090178][   T10] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  675.124751][   T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  675.142543][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.156534][   T10] usb 1-1: Product: syz
[  675.168606][   T10] usb 1-1: Manufacturer: syz
[  675.174418][   T10] usb 1-1: SerialNumber: syz
[  675.217615][   T10] usb 1-1: config 0 descriptor??
[  675.385354][    T9] usb 2-1: device descriptor read/64, error -71
[  675.535906][T14132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.548521][T14132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.566083][   T10] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  675.655915][    T9] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[  675.738780][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  675.763248][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  675.792759][   T10] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  675.803771][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.818209][   T10] usb 5-1: Product: syz
[  675.826797][    T9] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  675.841813][   T10] usb 5-1: Manufacturer: syz
[  675.853534][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  675.863579][   T10] usb 5-1: SerialNumber: syz
[  675.873032][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  675.894031][   T10] usb 5-1: config 0 descriptor??
[  675.923106][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  675.933801][   T10] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  675.948155][   T10] usb 5-1: No valid video chain found.
[  675.958360][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  675.975476][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  675.996966][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  676.058116][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  676.070333][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  676.092154][ T5828] usb 1-1: USB disconnect, device number 3
[  676.197429][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  676.212160][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  676.217608][T14144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.232341][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  676.256114][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  676.283167][T14144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.299905][T14144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.410695][T14144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.417415][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  676.448777][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  676.470328][   T10] usb 5-1: USB disconnect, device number 114
[  676.538684][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  676.567821][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  676.597637][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  676.615666][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  676.624834][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  676.634482][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  676.675548][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  676.684432][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  676.694950][    T9] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  676.710606][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  676.720202][    T9] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  676.730499][    T9] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  676.739273][    T9] usb 2-1: Product: syz
[  676.743732][    T9] usb 2-1: Manufacturer: syz
[  676.748653][    T9] usb 2-1: SerialNumber: syz
[  676.759349][    T9] usb 2-1: config 0 descriptor??
[  676.765882][ T5828] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  676.778188][    T9] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  676.931232][ T5828] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  676.941320][ T5828] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.956413][ T5828] usb 1-1: config 0 descriptor??
[  677.005067][ T5828] cp210x 1-1:0.0: cp210x converter detected
[  677.123353][    C0] usb 2-1: yurex_control_callback - control failed: -2
[  677.141546][ T5881] usb 2-1: USB disconnect, device number 126
[  677.164730][ T5881] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  677.434040][ T5828] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[  677.445639][ T5828] cp210x 1-1:0.0: failed to get vendor val 0x370c size 73: -71
[  677.453407][ T5828] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  677.516284][ T5828] usb 1-1: cp210x converter now attached to ttyUSB0
[  677.653659][ T5828] usb 1-1: USB disconnect, device number 4
[  677.702954][ T5828] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  677.711794][ T5828] cp210x 1-1:0.0: device disconnected
[  677.855849][   T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  678.015812][   T10] usb 4-1: Using ep0 maxpacket: 8
[  678.055091][   T10] usb 4-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9
[  678.081885][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.168419][   T10] usb 4-1: config 0 descriptor??
[  678.199935][   T10] usblcd 4-1:0.0: USBLCD model not supported.
[  678.955898][   T10] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  679.402477][T14195] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2844'.
[  679.595988][ T5828] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  679.755372][    T9] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  679.767541][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  679.809354][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  679.869782][ T5828] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  679.910143][ T5828] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.922151][    T9] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  679.935707][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  679.973351][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.149488][ T5828] usb 1-1: Product: syz
[  680.159733][ T5828] usb 1-1: Manufacturer: syz
[  680.174630][ T5828] usb 1-1: SerialNumber: syz
[  680.201323][ T5828] usb 1-1: config 0 descriptor??
[  680.245408][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  680.247721][ T5828] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[  680.301240][ T5828] usb 1-1: No valid video chain found.
[  680.323712][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.391859][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.450100][T14192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.483482][T14192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.542251][T14192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.565237][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  680.611472][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.628982][T14192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.655371][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.712645][ T5881] usb 1-1: USB disconnect, device number 5
[  680.731103][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  680.760069][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.772700][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.786891][ T5139] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  680.798534][ T5139] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  680.807550][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  680.814752][ T5139] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  680.825826][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.835652][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.848910][ T5139] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  680.859184][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  680.867261][ T5139] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  680.877578][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.888738][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.901941][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  680.910388][ T5828] usb 4-1: USB disconnect, device number 17
[  680.913076][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.947262][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.965936][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  680.974962][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.989626][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  681.001689][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  681.011931][    T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  681.022066][    T9] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  681.031223][    T9] usb 5-1: Product: syz
[  681.036226][    T9] usb 5-1: Manufacturer: syz
[  681.041103][    T9] usb 5-1: SerialNumber: syz
[  681.047281][   T52] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[  681.059085][    T9] usb 5-1: config 0 descriptor??
[  681.074288][    T9] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  681.124017][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  681.137551][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.199485][   T52] usb 3-1: config 1 interface 0 has no altsetting 0
[  681.221916][   T52] usb 3-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.40
[  681.231910][   T52] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.243512][   T52] usb 3-1: Product: syz
[  681.247875][   T52] usb 3-1: Manufacturer: syz
[  681.252867][   T52] usb 3-1: SerialNumber: syz
[  681.279114][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  681.290829][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.413103][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  681.423909][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.425518][ T5828] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  681.462400][    C0] usb 5-1: yurex_control_callback - control failed: -2
[  681.516921][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode
[  681.538837][   T52] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input129
[  681.553176][    T9] usb 5-1: USB disconnect, device number 115
[  681.563781][ T5184] bcm5974 3-1:1.0: could not read from device
[  681.583374][    T9] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  681.600109][ T5184] bcm5974 3-1:1.0: could not read from device
[  681.600279][ T5828] usb 4-1: config 1 interface 0 has no altsetting 0
[  681.639157][   T52] usb 3-1: USB disconnect, device number 121
[  681.646388][ T5828] usb 4-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.40
[  681.652141][ T5184] bcm5974 3-1:1.0: could not read from device
[  681.674658][ T5828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.689471][ T5184] bcm5974 3-1:1.0: could not read from device
[  681.697867][ T5828] usb 4-1: Product: syz
[  681.702115][ T5828] usb 4-1: Manufacturer: syz
[  681.714014][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  681.740754][ T5828] usb 4-1: SerialNumber: syz
[  681.746376][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.801031][ T5911] udevd[5911]: Error opening device "/dev/input/event4": No such file or directory
[  681.847121][ T5911] udevd[5911]: Unable to EVIOCGABS device "/dev/input/event4"
[  681.875552][ T5911] udevd[5911]: Unable to EVIOCGABS device "/dev/input/event4"
[  681.883244][ T5911] udevd[5911]: Unable to EVIOCGABS device "/dev/input/event4"
[  681.930898][ T5911] udevd[5911]: Unable to EVIOCGABS device "/dev/input/event4"
[  681.976303][T14204] FAULT_INJECTION: forcing a failure.
[  681.976303][T14204] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  682.024009][T14204] CPU: 0 UID: 0 PID: 14204 Comm: syz.3.2849 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  682.024042][T14204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  682.024056][T14204] Call Trace:
[  682.024064][T14204]  <TASK>
[  682.024074][T14204]  dump_stack_lvl+0x189/0x250
[  682.024109][T14204]  ? __lock_acquire+0xaac/0xd20
[  682.024140][T14204]  ? __pfx_dump_stack_lvl+0x10/0x10
[  682.024169][T14204]  ? __pfx__printk+0x10/0x10
[  682.024191][T14204]  ? __might_fault+0xb0/0x130
[  682.024228][T14204]  should_fail_ex+0x414/0x560
[  682.024253][T14204]  _copy_from_user+0x2d/0xb0
[  682.024282][T14204]  get_compat_msghdr+0xad/0x4a0
[  682.024314][T14204]  ? __pfx_get_compat_msghdr+0x10/0x10
[  682.024362][T14204]  ___sys_sendmsg+0x193/0x2a0
[  682.024392][T14204]  ? __pfx____sys_sendmsg+0x10/0x10
[  682.024456][T14204]  ? __fget_files+0x2a/0x420
[  682.024482][T14204]  ? __fget_files+0x3a0/0x420
[  682.024519][T14204]  __sys_sendmsg+0x164/0x220
[  682.024547][T14204]  ? __pfx___sys_sendmsg+0x10/0x10
[  682.024588][T14204]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  682.024616][T14204]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.024642][T14204]  __do_fast_syscall_32+0xb4/0x110
[  682.024667][T14204]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.024694][T14204]  do_fast_syscall_32+0x34/0x80
[  682.024720][T14204]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  682.024744][T14204] RIP: 0023:0xf70de539
[  682.024763][T14204] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  682.024780][T14204] RSP: 002b:00000000f50ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  682.024803][T14204] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140
[  682.024817][T14204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  682.024829][T14204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  682.024841][T14204] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  682.024853][T14204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  682.024883][T14204]  </TASK>
[  682.241447][    C0] vkms_vblank_simulate: vblank timer overrun
[  682.259472][T14202] chnl_net:caif_netlink_parms(): no params data found
[  682.348958][    T9] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  682.401688][ T5828] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input130
[  682.454630][ T5184] bcm5974 4-1:1.0: could not read from device
[  682.480609][ T5828] usb 4-1: USB disconnect, device number 18
[  682.517868][    T9] usb 5-1: config 1 interface 0 has no altsetting 0
[  682.547589][    T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.40
[  682.560326][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.593197][    T9] usb 5-1: Product: syz
[  682.608908][    T9] usb 5-1: Manufacturer: syz
[  682.613949][    T9] usb 5-1: SerialNumber: syz
[  682.691787][T14229] FAULT_INJECTION: forcing a failure.
[  682.691787][T14229] name failslab, interval 1, probability 0, space 0, times 0
[  682.706281][T14229] CPU: 0 UID: 0 PID: 14229 Comm: syz.2.2854 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  682.706309][T14229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  682.706323][T14229] Call Trace:
[  682.706331][T14229]  <TASK>
[  682.706340][T14229]  dump_stack_lvl+0x189/0x250
[  682.706379][T14229]  ? __pfx_dump_stack_lvl+0x10/0x10
[  682.706408][T14229]  ? __pfx__printk+0x10/0x10
[  682.706430][T14229]  ? __pfx___might_resched+0x10/0x10
[  682.706453][T14229]  should_fail_ex+0x414/0x560
[  682.706479][T14229]  ? nf_tables_newchain+0x1c69/0x29f0
[  682.706503][T14229]  should_failslab+0xa8/0x100
[  682.706542][T14229]  __kvmalloc_node_noprof+0x168/0x5e0
[  682.706568][T14229]  ? nf_tables_newchain+0x1c69/0x29f0
[  682.706597][T14229]  nf_tables_newchain+0x1c69/0x29f0
[  682.706635][T14229]  ? __pfx_nf_tables_newchain+0x10/0x10
[  682.706694][T14229]  ? nfnl_pernet+0x23/0x240
[  682.706729][T14229]  ? __nla_parse+0x40/0x60
[  682.706757][T14229]  nfnetlink_rcv+0x113f/0x2530
[  682.706818][T14229]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  682.706897][T14229]  ? skb_clone+0x246/0x3a0
[  682.706943][T14229]  ? netlink_deliver_tap+0x2e/0x1b0
[  682.706966][T14229]  ? netlink_deliver_tap+0x2e/0x1b0
[  682.706994][T14229]  netlink_unicast+0x758/0x8d0
[  682.707026][T14229]  netlink_sendmsg+0x805/0xb30
[  682.707057][T14229]  ? __pfx_netlink_sendmsg+0x10/0x10
[  682.707081][T14229]  ? __import_iovec+0x5d4/0x7f0
[  682.707105][T14229]  ? aa_sock_msg_perm+0x94/0x160
[  682.707129][T14229]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  682.707151][T14229]  ? __pfx_netlink_sendmsg+0x10/0x10
[  682.707176][T14229]  __sock_sendmsg+0x219/0x270
[  682.707199][T14229]  ____sys_sendmsg+0x505/0x830
[  682.707232][T14229]  ? __pfx_____sys_sendmsg+0x10/0x10
[  682.707276][T14229]  ___sys_sendmsg+0x21f/0x2a0
[  682.707306][T14229]  ? __pfx____sys_sendmsg+0x10/0x10
[  682.707373][T14229]  ? __fget_files+0x2a/0x420
[  682.707398][T14229]  ? __fget_files+0x3a0/0x420
[  682.707436][T14229]  __sys_sendmsg+0x164/0x220
[  682.707465][T14229]  ? __pfx___sys_sendmsg+0x10/0x10
[  682.707508][T14229]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  682.707542][T14229]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.707568][T14229]  __do_fast_syscall_32+0xb4/0x110
[  682.707595][T14229]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.707623][T14229]  do_fast_syscall_32+0x34/0x80
[  682.707649][T14229]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  682.707674][T14229] RIP: 0023:0xf7fd4539
[  682.707692][T14229] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  682.707710][T14229] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  682.707732][T14229] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  682.707746][T14229] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  682.707759][T14229] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  682.707771][T14229] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  682.707783][T14229] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  682.707814][T14229]  </TASK>
[  683.028148][ T5139] Bluetooth: hci4: command tx timeout
[  683.056618][    T9] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input131
[  683.068496][ T5184] bcm5974 5-1:1.0: could not read from device
[  683.172167][    T9] usb 5-1: USB disconnect, device number 116
[  683.317123][T14232] Cannot find add_set index 2 as target
[  683.332381][T14233] Cannot find add_set index 2 as target
[  683.427812][T14236] xt_CT: No such helper "snmp"
[  683.646122][T14242] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2857'.
[  683.950763][    T9] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[  684.109377][   T36] bond0 (unregistering): Released all slaves
[  684.121774][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  684.140946][   T36] bond1 (unregistering): Released all slaves
[  684.147444][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  684.168981][    T9] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  684.182469][   T36] bond2 (unregistering): Released all slaves
[  684.189394][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.202634][    T9] usb 3-1: Product: syz
[  684.207761][    T9] usb 3-1: Manufacturer: syz
[  684.212632][    T9] usb 3-1: SerialNumber: syz
[  684.219963][   T36] bond3 (unregistering): Released all slaves
[  684.232328][    T9] usb 3-1: config 0 descriptor??
[  684.250322][    T9] usb 3-1: Found UVC 0.00 device syz (18ec:3288)
[  684.257400][    T9] usb 3-1: No valid video chain found.
[  684.456110][T14202] bridge0: port 1(bridge_slave_0) entered blocking state
[  684.473747][T14202] bridge0: port 1(bridge_slave_0) entered disabled state
[  684.487737][T14245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.508427][T14202] bridge_slave_0: entered allmulticast mode
[  684.537916][T14202] bridge_slave_0: entered promiscuous mode
[  684.538086][T14245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.609447][T14245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.631498][T14245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.660366][T14202] bridge0: port 2(bridge_slave_1) entered blocking state
[  684.678670][ T5881] usb 3-1: USB disconnect, device number 122
[  684.685213][T14202] bridge0: port 2(bridge_slave_1) entered disabled state
[  684.695826][T14202] bridge_slave_1: entered allmulticast mode
[  684.707776][T14202] bridge_slave_1: entered promiscuous mode
[  684.837574][T14263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2863'.
[  685.059251][ T5831] Bluetooth: hci4: command tx timeout
[  685.152407][T14202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  685.231147][T14202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  685.286413][ T5881] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  685.375270][    T9] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  685.574592][T14282] xt_bpf: check failed: parse error
[  685.580532][ T5881] usb 1-1: Using ep0 maxpacket: 8
[  685.584876][    T9] usb 4-1: config 0 has no interfaces?
[  685.635308][    T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  685.653598][T14202] team0: Port device team_slave_0 added
[  685.670675][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.698351][ T5881] usb 1-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9
[  685.700932][T14202] team0: Port device team_slave_1 added
[  685.717493][    T9] usb 4-1: Product: syz
[  685.720940][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.736087][    T9] usb 4-1: Manufacturer: syz
[  685.739761][ T5881] usb 1-1: config 0 descriptor??
[  685.740860][    T9] usb 4-1: SerialNumber: syz
[  685.759882][    T9] usb 4-1: config 0 descriptor??
[  685.768456][ T5881] usblcd 1-1:0.0: USBLCD model not supported.
[  685.963758][T14202] batman_adv: batadv0: Adding interface: batadv_slave_0
[  685.972063][T14202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  686.008637][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  686.062505][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  686.086613][T14202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  686.138301][   T36] hsr_slave_0: left promiscuous mode
[  686.151504][   T36] hsr_slave_1: left promiscuous mode
[  686.226665][   T36] veth1_macvtap: left promiscuous mode
[  686.233956][   T36] veth0_macvtap: left promiscuous mode
[  686.241020][   T36] veth1_vlan: left promiscuous mode
[  686.247348][   T36] veth0_vlan: left promiscuous mode
[  686.682174][T14295] ALSA: mixer_oss: invalid OSS volume '¥¬T¶½
ø¿'
[  686.704832][T14295] netlink: 'syz.4.2869': attribute type 11 has an invalid length.
[  686.738358][T14292] xt_CT: No such helper "snmp"
[  687.136417][ T5831] Bluetooth: hci4: command tx timeout
[  687.874508][   T10] usb 4-1: USB disconnect, device number 19
[  688.081482][   T10] usb 1-1: USB disconnect, device number 6
[  688.342484][T14310] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2872'.
[  688.343093][T14308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2873'.
[  688.791495][T14314] ALSA: mixer_oss: invalid OSS volume '¥¬T¶½
ø¿'
[  689.205710][ T5831] Bluetooth: hci4: command tx timeout
[  689.225443][   T10] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[  689.389348][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  689.407702][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  689.424349][   T10] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  689.437480][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.446336][   T10] usb 3-1: Product: syz
[  689.451057][   T10] usb 3-1: Manufacturer: syz
[  689.456579][   T10] usb 3-1: SerialNumber: syz
[  689.462234][T14202] batman_adv: batadv0: Adding interface: batadv_slave_1
[  689.471681][T14202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  689.500957][   T10] usb 3-1: config 0 descriptor??
[  689.512550][   T10] usb 3-1: Found UVC 0.00 device syz (18ec:3288)
[  689.519988][   T10] usb 3-1: No valid video chain found.
[  689.529271][T14202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  689.711092][T14320] netlink: 596 bytes leftover after parsing attributes in process `syz.0.2876'.
[  689.742585][T14318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.828243][T14318] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.849134][T14202] hsr_slave_0: entered promiscuous mode
[  689.858134][T14202] hsr_slave_1: entered promiscuous mode
[  689.865902][T14318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.876499][T14318] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.896756][    T9] usb 3-1: USB disconnect, device number 123
[  690.006094][T14202] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  690.028995][T14202] Cannot create hsr debugfs directory
[  690.285284][ T5881] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  690.369479][   T36] IPVS: stop unused estimator thread 0...
[  690.615426][ T5881] usb 5-1: Using ep0 maxpacket: 16
[  690.642584][ T5881] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  690.686511][ T5881] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  690.850373][ T5881] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  690.861165][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.980839][ T5881] usb 5-1: Product: syz
[  690.985442][ T5881] usb 5-1: Manufacturer: syz
[  690.992447][ T5881] usb 5-1: SerialNumber: syz
[  691.496116][ T5881] usb 5-1: 0:2 : does not exist
[  691.538809][ T5881] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  691.794072][ T5881] usb 5-1: USB disconnect, device number 117
[  691.900928][T10194] udevd[10194]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  692.112700][T14340] xt_CT: No such helper "snmp"
[  692.382084][T14202] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  692.432184][T14202] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  692.478416][T14329] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2878'.
[  692.494447][T14202] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  692.514830][T14202] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  692.675853][ T5881] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  692.691899][T14202] 8021q: adding VLAN 0 to HW filter on device bond0
[  692.751178][T14202] 8021q: adding VLAN 0 to HW filter on device team0
[  692.781568][ T7573] bridge0: port 1(bridge_slave_0) entered blocking state
[  692.790218][ T7573] bridge0: port 1(bridge_slave_0) entered forwarding state
[  692.865315][ T5881] usb 4-1: Using ep0 maxpacket: 16
[  692.877949][ T5881] usb 4-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config
[  692.894528][ T7577] bridge0: port 2(bridge_slave_1) entered blocking state
[  692.903968][ T7577] bridge0: port 2(bridge_slave_1) entered forwarding state
[  692.923654][ T5881] usb 4-1: too many endpoints for config 0 interface 0 altsetting 199: 206, using maximum allowed: 30
[  692.971412][ T5881] usb 4-1: config 0 interface 0 altsetting 199 has 0 endpoint descriptors, different from the interface descriptor's value: 206
[  693.025822][ T5881] usb 4-1: config 0 interface 0 has no altsetting 0
[  693.036763][ T5881] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  693.085292][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.130012][ T5881] usb 4-1: Product: syz
[  693.153285][ T5881] usb 4-1: Manufacturer: syz
[  693.182118][ T5881] usb 4-1: SerialNumber: syz
[  693.191579][T14202] 8021q: adding VLAN 0 to HW filter on device batadv0
[  693.220251][ T5881] usb 4-1: config 0 descriptor??
[  693.383096][T14202] veth0_vlan: entered promiscuous mode
[  693.452498][T14202] veth1_vlan: entered promiscuous mode
[  693.469248][ T5881] hub 4-1:0.0: bad descriptor, ignoring hub
[  693.491087][ T5881] hub 4-1:0.0: probe with driver hub failed with error -5
[  693.534293][ T5881] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  693.606871][T14202] veth0_macvtap: entered promiscuous mode
[  693.634331][ T5881] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[  693.642027][T14202] veth1_macvtap: entered promiscuous mode
[  693.707438][ T5881] usb 4-1: USB disconnect, device number 20
[  693.730992][T14202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  693.790746][T10194] udevd[10194]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  693.793109][T14202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  693.824985][T14202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  693.893135][T14202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  693.960849][T14202] batman_adv: batadv0: Interface activated: batadv_slave_0
[  694.024609][T14202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  694.056158][T14202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  694.078586][T14202] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  694.097518][T14202] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  694.111993][T14202] batman_adv: batadv0: Interface activated: batadv_slave_1
[  694.162008][T14202] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  694.181234][T14202] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  694.194263][T14202] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  694.215882][T14202] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  694.395499][ T5881] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  694.436232][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  694.458562][T14383] sg_read: process 1615 (syz.3.2888) changed security contexts after opening file descriptor, this is not allowed.
[  694.472195][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  694.558209][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  694.598218][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  694.616208][ T5881] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  694.639956][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  694.655325][ T5139] Bluetooth: hci4: command 0x0405 tx timeout
[  694.667324][ T5881] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  694.689087][T14202] ==================================================================
[  694.697507][T14202] BUG: KASAN: slab-use-after-free in binder_add_device+0x5f/0xa0
[  694.701152][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  694.705262][T14202] Write of size 8 at addr ffff888058899808 by task syz-executor/14202
[  694.705285][T14202] 
[  694.705299][T14202] CPU: 0 UID: 0 PID: 14202 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  694.705322][T14202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  694.705334][T14202] Call Trace:
[  694.705344][T14202]  <TASK>
[  694.705352][T14202]  dump_stack_lvl+0x189/0x250
[  694.705393][T14202]  ? __kasan_check_byte+0x12/0x40
[  694.705418][T14202]  ? __pfx_dump_stack_lvl+0x10/0x10
[  694.705445][T14202]  ? lock_release+0x4b/0x3e0
[  694.705470][T14202]  ? lock_release+0x4b/0x3e0
[  694.705499][T14202]  ? __virt_addr_valid+0x469/0x540
[  694.705525][T14202]  print_report+0xb4/0x290
[  694.705548][T14202]  ? binder_add_device+0x5f/0xa0
[  694.705571][T14202]  kasan_report+0x118/0x150
[  694.705598][T14202]  ? binder_add_device+0x5f/0xa0
[  694.705630][T14202]  binder_add_device+0x5f/0xa0
[  694.705659][T14202]  binderfs_binder_device_create+0x8b7/0xaf0
[  694.705692][T14202]  binderfs_fill_super+0xa0e/0xe90
[  694.705722][T14202]  ? __pfx_binderfs_fill_super+0x10/0x10
[  694.705762][T14202]  ? shrinker_register+0x16b/0x230
[  694.705784][T14202]  ? sget_fc+0x962/0xa40
[  694.705806][T14202]  ? __pfx_set_anon_super_fc+0x10/0x10
[  694.705826][T14202]  ? __pfx_binderfs_fill_super+0x10/0x10
[  694.705854][T14202]  get_tree_nodev+0xb8/0x150
[  694.705877][T14202]  vfs_get_tree+0x8f/0x2b0
[  694.705902][T14202]  do_new_mount+0x24a/0xa40
[  694.705933][T14202]  __se_sys_mount+0x317/0x410
[  694.705963][T14202]  ? __pfx___se_sys_mount+0x10/0x10
[  694.705992][T14202]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  694.706021][T14202]  ? __ia32_sys_mount+0x20/0xc0
[  694.706048][T14202]  __do_fast_syscall_32+0xb4/0x110
[  694.706080][T14202]  do_fast_syscall_32+0x34/0x80
[  694.706106][T14202]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  694.706134][T14202] RIP: 0023:0xf7f85539
[  694.706153][T14202] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  694.706173][T14202] RSP: 002b:00000000f756ff20 EFLAGS: 00000206 ORIG_RAX: 0000000000000015
[  694.706197][T14202] RAX: ffffffffffffffda RBX: 00000000f72a64ed RCX: 00000000f7296be3
[  694.706213][T14202] RDX: 00000000f72a64ed RSI: 0000000000000000 RDI: 0000000000000000
[  694.706226][T14202] RBP: 00000000f7274088 R08: 0000000000000000 R09: 0000000000000000
[  694.706240][T14202] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  694.706253][T14202] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  694.706274][T14202]  </TASK>
[  694.706284][T14202] 
[  694.986017][T14202] Allocated by task 5841:
[  694.990347][T14202]  kasan_save_track+0x3e/0x80
[  694.995034][T14202]  __kasan_kmalloc+0x93/0xb0
[  694.999643][T14202]  __kmalloc_cache_noprof+0x230/0x3d0
[  695.005070][T14202]  binderfs_binder_device_create+0x17f/0xaf0
[  695.011174][T14202]  binderfs_fill_super+0xa0e/0xe90
[  695.016702][T14202]  get_tree_nodev+0xb8/0x150
[  695.021529][T14202]  vfs_get_tree+0x8f/0x2b0
[  695.026080][T14202]  do_new_mount+0x24a/0xa40
[  695.031512][T14202]  __se_sys_mount+0x317/0x410
[  695.036464][T14202]  __do_fast_syscall_32+0xb4/0x110
[  695.041647][T14202]  do_fast_syscall_32+0x34/0x80
[  695.046628][T14202]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  695.053450][T14202] 
[  695.055794][T14202] Freed by task 5828:
[  695.059785][T14202]  kasan_save_track+0x3e/0x80
[  695.066257][T14202]  kasan_save_free_info+0x46/0x50
[  695.072123][T14202]  __kasan_slab_free+0x62/0x70
[  695.077253][T14202]  kfree+0x193/0x440
[  695.082033][T14202]  binder_proc_dec_tmpref+0x228/0x4f0
[  695.088030][T14202]  binder_deferred_func+0x13a5/0x1520
[  695.093956][T14202]  process_scheduled_works+0xadb/0x17a0
[  695.099875][T14202]  worker_thread+0x8a0/0xda0
[  695.104828][T14202]  kthread+0x70e/0x8a0
[  695.108946][T14202]  ret_from_fork+0x4b/0x80
[  695.113567][T14202]  ret_from_fork_asm+0x1a/0x30
[  695.119989][T14202] 
[  695.123363][T14202] The buggy address belongs to the object at ffff888058899800
[  695.123363][T14202]  which belongs to the cache kmalloc-512 of size 512
[  695.138821][T14202] The buggy address is located 8 bytes inside of
[  695.138821][T14202]  freed 512-byte region [ffff888058899800, ffff888058899a00)
[  695.153595][T14202] 
[  695.156403][T14202] The buggy address belongs to the physical page:
[  695.163358][T14202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58898
[  695.172195][T14202] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  695.182628][T14202] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  695.191305][T14202] page_type: f5(slab)
[  695.195934][T14202] raw: 00fff00000000040 ffff88801a041c80 ffffea00009c6000 dead000000000002
[  695.205268][T14202] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  695.215758][T14202] head: 00fff00000000040 ffff88801a041c80 ffffea00009c6000 dead000000000002
[  695.224538][T14202] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  695.233936][T14202] head: 00fff00000000002 ffffea0001622601 00000000ffffffff 00000000ffffffff
[  695.242731][T14202] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  695.251688][T14202] page dumped because: kasan: bad access detected
[  695.258131][T14202] page_owner tracks the page as allocated
[  695.263861][T14202] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1091, tgid 1091 (kworker/u8:5), ts 97658137237, free_ts 28785158127
[  695.283343][T14202]  post_alloc_hook+0x1d8/0x230
[  695.289157][T14202]  get_page_from_freelist+0x21ce/0x22b0
[  695.294839][T14202]  __alloc_frozen_pages_noprof+0x181/0x370
[  695.300861][T14202]  alloc_pages_mpol+0x232/0x4a0
[  695.306078][T14202]  allocate_slab+0x8a/0x3b0
[  695.310778][T14202]  ___slab_alloc+0xbfc/0x1480
[  695.316623][T14202]  __kmalloc_noprof+0x305/0x4f0
[  695.321680][T14202]  __cfg80211_bss_update+0x196/0x2120
[  695.327351][T14202]  cfg80211_inform_single_bss_data+0xba9/0x1ac0
[  695.333633][T14202]  cfg80211_inform_bss_data+0x1fb/0x3b20
[  695.339376][T14202]  cfg80211_inform_bss_frame_data+0x362/0x700
[  695.345472][T14202]  __ieee80211_sta_join_ibss+0xd58/0x1610
[  695.351829][T14202]  ieee80211_sta_create_ibss+0x300/0x480
[  695.357612][T14202]  ieee80211_ibss_work+0xdb1/0x1060
[  695.363039][T14202]  cfg80211_wiphy_work+0x2dc/0x460
[  695.368169][T14202]  process_scheduled_works+0xadb/0x17a0
[  695.373987][T14202] page last free pid 1 tgid 1 stack trace:
[  695.380286][T14202]  __free_frozen_pages+0xb0e/0xcd0
[  695.385522][T14202]  free_contig_range+0x159/0x440
[  695.390666][T14202]  destroy_args+0x86/0x460
[  695.395655][T14202]  debug_vm_pgtable+0x3cf/0x410
[  695.402268][T14202]  do_one_initcall+0x233/0x820
[  695.407597][T14202]  do_initcall_level+0x137/0x1f0
[  695.412738][T14202]  do_initcalls+0x69/0xd0
[  695.417274][T14202]  kernel_init_freeable+0x3d9/0x570
[  695.422785][T14202]  kernel_init+0x1d/0x1d0
[  695.427300][T14202]  ret_from_fork+0x4b/0x80
[  695.431759][T14202]  ret_from_fork_asm+0x1a/0x30
[  695.437007][T14202] 
[  695.439380][T14202] Memory state around the buggy address:
[  695.445090][T14202]  ffff888058899700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  695.453353][T14202]  ffff888058899780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  695.461474][T14202] >ffff888058899800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  695.470262][T14202]                       ^
[  695.474603][T14202]  ffff888058899880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  695.484494][T14202]  ffff888058899900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  695.492851][T14202] ==================================================================
[  695.546457][T14386] netlink: 596 bytes leftover after parsing attributes in process `syz.2.2898'.
[  695.562158][ T5881] usb 1-1: config 0 descriptor??
[  695.599414][ T5881] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  695.855308][ T5828] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  695.982346][T14202] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  695.989622][T14202] CPU: 0 UID: 0 PID: 14202 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  696.002013][T14202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  696.012437][T14202] Call Trace:
[  696.015750][T14202]  <TASK>
[  696.018873][T14202]  dump_stack_lvl+0x99/0x250
[  696.023512][T14202]  ? __asan_memcpy+0x40/0x70
[  696.028407][T14202]  ? __pfx_dump_stack_lvl+0x10/0x10
[  696.033882][T14202]  ? __pfx__printk+0x10/0x10
[  696.038564][T14202]  panic+0x2db/0x790
[  696.042587][T14202]  ? __pfx_preempt_schedule+0x10/0x10
[  696.048184][T14202]  ? __pfx_panic+0x10/0x10
[  696.052696][T14202]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  696.058844][T14202]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  696.065418][T14202]  ? binder_add_device+0x5f/0xa0
[  696.070522][T14202]  check_panic_on_warn+0x89/0xb0
[  696.075938][T14202]  ? binder_add_device+0x5f/0xa0
[  696.080933][T14202]  end_report+0x78/0x160
[  696.085218][T14202]  kasan_report+0x129/0x150
[  696.089773][T14202]  ? binder_add_device+0x5f/0xa0
[  696.094829][T14202]  binder_add_device+0x5f/0xa0
[  696.099638][T14202]  binderfs_binder_device_create+0x8b7/0xaf0
[  696.105941][T14202]  binderfs_fill_super+0xa0e/0xe90
[  696.111135][T14202]  ? __pfx_binderfs_fill_super+0x10/0x10
[  696.116822][T14202]  ? shrinker_register+0x16b/0x230
[  696.121995][T14202]  ? sget_fc+0x962/0xa40
[  696.126303][T14202]  ? __pfx_set_anon_super_fc+0x10/0x10
[  696.131870][T14202]  ? __pfx_binderfs_fill_super+0x10/0x10
[  696.137536][T14202]  get_tree_nodev+0xb8/0x150
[  696.142146][T14202]  vfs_get_tree+0x8f/0x2b0
[  696.146596][T14202]  do_new_mount+0x24a/0xa40
[  696.151157][T14202]  __se_sys_mount+0x317/0x410
[  696.156241][T14202]  ? __pfx___se_sys_mount+0x10/0x10
[  696.161684][T14202]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  696.168435][T14202]  ? __ia32_sys_mount+0x20/0xc0
[  696.173534][T14202]  __do_fast_syscall_32+0xb4/0x110
[  696.179152][T14202]  do_fast_syscall_32+0x34/0x80
[  696.184418][T14202]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  696.191115][T14202] RIP: 0023:0xf7f85539
[  696.195325][T14202] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  696.215934][T14202] RSP: 002b:00000000f756ff20 EFLAGS: 00000206 ORIG_RAX: 0000000000000015
[  696.224898][T14202] RAX: ffffffffffffffda RBX: 00000000f72a64ed RCX: 00000000f7296be3
[  696.233101][T14202] RDX: 00000000f72a64ed RSI: 0000000000000000 RDI: 0000000000000000
[  696.241906][T14202] RBP: 00000000f7274088 R08: 0000000000000000 R09: 0000000000000000
[  696.249922][T14202] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  696.257941][T14202] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  696.266188][T14202]  </TASK>
[  696.270027][T14202] Kernel Offset: disabled
[  696.274379][T14202] Rebooting in 86400 seconds..